CVE-2026-8028

LOW 3.7

FlowiseAI Flowise Endpoint account.service.ts verify information disclosure

CVSS Score

3.7

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit is now public and may be used. Upgrading the affected component is recommended.

CWE	CWE-200 CWE-284
Vendor	flowiseai
Product	flowise
Published	May 6, 2026
Last Updated	May 6, 2026

Stay Ahead of the Next One

Get instant alerts for flowiseai flowise

Be the first to know when new low vulnerabilities affecting flowiseai flowise are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

FlowiseAI / Flowise

3.0.0 3.0.1 3.0.2 3.0.3 3.0.4 3.0.5 3.0.6 3.0.7 3.0.8 3.0.9 3.0.10 3.0.11 3.0.12

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/361276 vuldb.com: https://vuldb.com/vuln/361276/cti vuldb.com: https://vuldb.com/submit/777659 gist.github.com: https://gist.github.com/YLChen-007/1d52497b0221835f99367be61612746b

Credits

🔍 Eric-a (VulDB User)