Auth bypass in Flowiseai Flowise

CVE-2026-41273

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens asso…

Vulnerability class: Broken Authentication

EPSS: 0.002 (43.4th percentile) — read the EPSS interpretation.