Vulnerability in Flowiseai Flowise

CVE-2026-41275

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS…

EPSS: 0.000 (11.5th percentile) — read the EPSS interpretation.

Affected products

Flowiseai Flowise — versions < 3.1.0

Weakness classification (CWE)

CWE-319 — Cleartext Transmission of Sensitive Information

References

https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-x5w6-38gp-mrqh (x_refsource_CONFIRM)
https://hackerone.com/reports/1888915 (x_refsource_MISC)