πŸ” CVE Alert

CVE-2026-41275

UNKNOWN 0.0

Flowise: Password Reset Link Sent Over Unsecured HTTP

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle (MITM) attack, where an attacker on the same network as the user (e.g., public Wi-Fi) can intercept the reset link and gain unauthorized access to the victim’s account. This vulnerability is fixed in 3.1.0.

CWE CWE-319
Vendor flowiseai
Product flowise
Published Apr 23, 2026
Stay Ahead of the Next One

Get instant alerts for flowiseai flowise

Be the first to know when new unknown vulnerabilities affecting flowiseai flowise are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

FlowiseAI / Flowise
< 3.1.0

References

NVD β†— CVE.org β†— EPSS Data β†—
github.com: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-x5w6-38gp-mrqh hackerone.com: https://hackerone.com/reports/1888915