CVE Catalog

CVE-2026-46440

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

11th percentile — higher than 11% of all known CVEs

Summary

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison.

Risk Assessment

The lack of proper credential protection may lead to unauthorized access to the system, posing a serious security threat to the organization.

Recommendation

It is recommended to upgrade to version 3.1.2 or later to patch this vulnerability and implement appropriate security measures.

Original NVD description (English source)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS