CVE-2026-8026

LOW 3.7

FlowiseAI Flowise API Response account.service.ts login information disclosure

CVSS Score

3.7

EPSS Score

0.0%

EPSS Percentile

0th

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. You should upgrade the affected component.

CWE	CWE-200 CWE-284
Vendor	flowiseai
Product	flowise
Published	May 6, 2026
Last Updated	May 6, 2026

Stay Ahead of the Next One

Get instant alerts for flowiseai flowise

Be the first to know when new low vulnerabilities affecting flowiseai flowise are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

FlowiseAI / Flowise

3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.0.5 3.0.6 3.0.7 3.0.8 3.0.9 3.0.10 3.0.11 3.0.12

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/361273 vuldb.com: https://vuldb.com/vuln/361273/cti vuldb.com: https://vuldb.com/submit/777656 gist.github.com: https://gist.github.com/YLChen-007/50a553f09aa1c7c04ce18cec13986a91

Credits

🔍 Eric-a (VulDB User)