Information disclosure in Flowiseai Flowise

CVE-2026-41278

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker valid…

Vulnerability class: Information Disclosure

EPSS: 0.000 (10.4th percentile) — read the EPSS interpretation.

Affected products

Flowiseai Flowise — versions < 3.1.0

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-w47f-j8rh-wx87 (x_refsource_CONFIRM)