CVE-2026-8026 MEDIUM

CVE-2026-8026: FlowiseAI Flowise API Response account.service.ts login information disclosure

Vendor Flowiseai
Product Flowise
Weakness CWE-200 · Info exposure
Published May 6, 2026
Last update May 6, 2026

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. You should upgrade the affected component.

Key dates

02Disclosure timeline

May 6, 2026 CVE published
May 6, 2026 Record updated