CVE-2026-41276
Published: 23 April 2026
Summary
CVE-2026-41276 is a critical-severity Improper Authentication (CWE-287) vulnerability in FlowiseAI Flowise. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 38.2% of CVEs by exploit likelihood, is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-10 (Information Input Validation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Flaw remediation: directly mitigates the CVE by requiring timely remediation of the password reset flaw through patching to version 3.1.0 or equivalent fixes.
- SI-10 (Information Input Validation): requires validation of the reset token input at the /api/v1/account/reset-password endpoint so that null or empty values, which enable unauthorized password resets, are rejected.
- IA-5 (Authenticator Management): ensures proper generation, distribution, and validation of password reset tokens as authenticators, preventing bypass via unverified null or empty tokens.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables unauthenticated exploitation of a public-facing web application API endpoint (T1190) to bypass authentication and take over accounts by resetting their passwords, which in turn gives the attacker Valid Accounts (T1078) to operate with.
NVD Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resetPassword method of the AccountService class. There is no check performed to ensure that a password reset token has actually been generated for a user account. By default the value of the reset token stored in a user's account is null, or an empty string if they've reset their password before. An attacker with knowledge of the user's email address can submit a request to the "/api/v1/account/reset-password" endpoint containing a null or empty string reset token value and reset that user's password to a value of their choosing. This vulnerability is fixed in 3.1.0.
Deeper analysis
CVE-2026-41276 is an authentication bypass vulnerability affecting FlowiseAI Flowise, an open-source drag-and-drop user interface for building customized large language model flows, in versions prior to 3.1.0. The flaw resides in the resetPassword method of the AccountService class, where no validation occurs to confirm that a password reset token has been generated for the target user account. By default, the reset token value stored in user accounts is null or an empty string, particularly if the user has previously reset their password.
Remote attackers can exploit this vulnerability without authentication, knowing only the target user's email address. They submit a request to the /api/v1/account/reset-password endpoint with a null or empty string as the reset token value, which lets them overwrite the user's password with one of their choosing. The result is full account takeover, with high confidentiality, integrity, and availability impact, as reflected in the CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and the mapping to CWE-287 (Improper Authentication).
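To make the defect concrete, the following TypeScript is an added illustration of the CWE-287 pattern described above, not Flowise's own code: the record shape, field names and function names are assumptions. It places the vulnerable comparison (where a never-issued null or blanked empty token still "matches") beside a hardened version that requires an issued, unexpired, non-empty token, compares it in constant time, and consumes it after one use.

```typescript
// Added illustration of the CWE-287 pattern described above. This is not
// Flowise's code: the record shape, field names and function names are
// assumptions chosen to show the defect and one way to close it.

interface UserRecord {
  email: string;
  passwordHash: string;
  resetToken: string | null;   // assumed: null until a reset is requested
  resetExpiry: number | null;  // assumed: epoch milliseconds, null if unset
}

// Vulnerable shape: the only check is that the stored value equals the
// submitted value. null === null and "" === "" both hold, so an account that
// never requested a reset (or whose token was blanked after use) can be
// reset by anyone who knows the e-mail address.
function resetPasswordVulnerable(
  user: UserRecord, token: string | null, newHash: string): boolean {
  if (user.resetToken !== token) return false;
  user.passwordHash = newHash;
  user.resetToken = "";   // "cleared" to "", which still equals a submitted ""
  return true;
}

// Constant-time string comparison so the check does not leak token prefixes
// through timing; in Node, crypto.timingSafeEqual on equal-length Buffers is
// the usual choice.
function constantTimeEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Hardened shape: a reset is honoured only when a non-empty token was
// actually issued, has not expired, and matches the submitted string; the
// token is invalidated after a single use rather than blanked to "".
function resetPasswordHardened(
  user: UserRecord, token: unknown, newHash: string, now: number = Date.now()): boolean {
  if (typeof token !== "string" || token.length === 0) return false;
  if (!user.resetToken || user.resetExpiry === null || user.resetExpiry <= now) return false;
  if (!constantTimeEqual(user.resetToken, token)) return false;
  user.passwordHash = newHash;
  user.resetToken = null;
  user.resetExpiry = null;
  return true;
}
```

The same input-validation step (reject missing or empty tokens before any comparison) is what the SI-10 control above asks for; the issued-token and expiry checks are the IA-5 side.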
The GitHub security advisory (GHSA-f6hc-c5jr-878p) confirms the issue is resolved in Flowise version 3.1.0, recommending that users upgrade immediately to mitigate the risk. No additional workarounds are specified in the provided references.
Flowise's role in constructing LLM-based workflows introduces AI/ML relevance, as compromised instances could potentially allow attackers to manipulate or exfiltrate custom model flows. No evidence of real-world exploitation is noted in the available details.
Details
- CWE(s): CWE-287 (Improper Authentication)
- Affected Products: FlowiseAI Flowise, versions prior to 3.1.0
AI Security Analysis
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: large language model