Auth bypass in Flowiseai Flowise

CVE-2026-41266

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration w…

Vulnerability class: Information Disclosure

EPSS: 0.001 (28.5th percentile) — read the EPSS interpretation.