Auth bypass in Flowiseai Flowise

CVE-2026-41276

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is…

Vulnerability class: Broken Authentication

EPSS: 0.007 (73.1th percentile) — read the EPSS interpretation.

Affected products

Flowiseai Flowise — versions < 3.1.0

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-f6hc-c5jr-878p (x_refsource_CONFIRM)