CVE-2026-46443: Flowise Credential Exposure via Unfiltered API Response
Flowise, a no-code platform for building custom language model workflows, contains a credential exposure flaw in versions before 3.1.2. When users or applications retrieve stored credentials using a filter parameter, the system fails to remove encrypted credential data from the response—information that should never leave the server. An attacker with legitimate access to the Flowise instance could exploit this to extract encrypted credentials, potentially compromising downstream services or enabling lateral movement. The vulnerability does not affect credential retrieval when no filter is applied, indicating incomplete input-handling logic.
Source data · NVD / CISA · public domain
- CVSS
- 3.1 · 6.5 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- Weaknesses (CWE)
- CWE-200
- Affected products
- 1 configuration(s)
- Published / Modified
- 2026-06-08 / 2026-06-17
NVD description (verbatim)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is used but fails to do so when a filter is used. This issue has been patched in version 3.1.2.
3 reference(s) · View on NVD →
SEC.co analysis · AI-assisted, reviewed against source
Technical summary
CVE-2026-46443 is an information disclosure vulnerability (CWE-200) in Flowise's credential retrieval endpoint. The flaw stems from inconsistent output sanitization: the encryptedData field is properly stripped when credentials are fetched without query filters, but the same sanitization logic is bypassed when a credentialName filter parameter is supplied. An authenticated user can craft a filtered credential query to receive the encrypted credential blob in the response, which may be reversible depending on key management practices or exploitable in offline cryptanalysis scenarios. The vulnerability requires prior authentication (CVSS PR:L) and network accessibility but poses a direct confidentiality risk to any encrypted secrets managed within Flowise.
Business impact
Exposure of encrypted credentials can undermine the security of connected integrations—LLM APIs, databases, external services, and data pipelines that Flowise orchestrates. If credential encryption keys are weak, reused, or compromised separately, an attacker obtaining encrypted credential blobs gains a higher-value target for cryptanalysis. In multi-tenant or shared Flowise environments, this could allow one user to access another user's secrets. The flaw is particularly concerning for organizations using Flowise to manage production workflows that require high-privilege credentials (API keys, database passwords).
Affected systems
Flowise versions prior to 3.1.2 are affected. The vulnerability is specific to instances where credentials are queried via the filtered endpoint; all deployments of vulnerable versions are at risk if users leverage credential filtering features. No other vendor products or components are directly affected by this issue.
Exploitability
Exploitation requires valid authentication to the Flowise instance (PR:L in the CVSS vector), making this an insider-risk or compromised-account scenario rather than an unauthenticated attack. The attack is straightforward once authenticated: a malicious user or attacker with valid credentials simply appends a credentialName filter to the credential-fetch API call. No user interaction or client-side complexity is needed. The barrier to exploitation is moderate—limited to users with platform access—but the impact is deterministic: successful extraction of encrypted credential material.
Remediation
Update Flowise to version 3.1.2 or later to restore proper output sanitization. Organizations unable to upgrade immediately should restrict API access to the credential endpoint via network controls or role-based access lists, limiting who can query credentials. Review authentication logs and credential access patterns to identify potential unauthorized extraction. Consider rotating all stored credentials if a breach of the Flowise instance is suspected.
Patch guidance
The patch in version 3.1.2 corrects the conditional logic that governs encryptedData field stripping, ensuring the field is removed from responses regardless of whether a filter parameter is present. Apply the patch across all Flowise deployments in development, staging, and production environments. Verify the patch by confirming that filtered credential queries no longer return encryptedData in API responses. Test with both filtered and unfiltered queries to ensure the fix does not break legitimate functionality.
Detection guidance
Monitor Flowise API logs for repeated credential fetch requests, especially those using credentialName or similar filter parameters. Correlate spikes in credential queries with unusual user activity or access from unexpected IP addresses. Implement alerting for any extraction of encryptedData fields in credential responses (this field should never appear in logs after the patch is applied). Review Flowise audit trails for credential access by non-administrative accounts or outside normal operational windows.
Why prioritize this
Although this vulnerability carries a MEDIUM CVSS score (6.5) and does not appear in the CISA KEV catalog, it merits prompt attention because it directly threatens the confidentiality of secrets used to secure downstream integrations. The ease of exploitation for authenticated users, combined with the high value of credential material, elevates practical risk. Organizations should prioritize patching ahead of any public proof-of-concept releases or increased attacker awareness.
Risk score, explained
The CVSS 3.1 score of 6.5 (MEDIUM) reflects a network-accessible vulnerability with low attack complexity and a requirement for prior authentication. The high confidentiality impact (C:H) is offset by the absence of integrity or availability impact. The score appropriately captures that while the attack is easy to execute for insiders, it requires legitimate platform access and does not enable account takeover, data modification, or service disruption. Organizations should contextualize this score against their credential architecture and the sensitivity of secrets stored in Flowise.
Frequently asked questions
Can an unauthenticated attacker exploit this vulnerability?
No. The CVSS vector PR:L indicates the attacker must already have valid authentication credentials for the Flowise instance. However, compromised accounts, insider threats, or supply-chain compromises of Flowise integrations could enable exploitation.
Does this vulnerability affect Flowise instances that don't use credential filtering?
All instances of affected versions carry the flaw in the code path, but the vulnerability is only exploitable if the filtered credential-fetch endpoint is called. If credential queries are never filtered by name, the vulnerable code may not be invoked in practice. However, patching is still recommended to eliminate the attack surface.
What happens if I'm running Flowise 3.1.2 or later?
You are not affected by this vulnerability. The patch ensures that encryptedData is stripped from credential responses regardless of filter parameters. Verify your version in the Flowise UI or logs to confirm.
Are the encrypted credentials in the response immediately readable by an attacker?
Not necessarily. The credential data is encrypted; readability depends on whether the encryption key is weak, reused across multiple instances, or compromised through a separate channel. However, exposure of encrypted blobs is still a significant security failure and increases the attack surface for offline cryptanalysis.
This analysis is based on official CVE data and vendor advisories current as of the publication date. Specific patch version numbers and remediation steps should be verified against the official Flowise security advisory and release notes. Security organizations should conduct their own risk assessment based on their Flowise deployment architecture, credential sensitivity, and user access controls. SEC.co does not host or distribute exploits and recommends responsible disclosure practices for any independently discovered variants or bypasses. Source: NVD (public-domain), retrieved 2026-07-16. Analysis generated by SEC.co (claude-haiku-4-5).
Related vulnerabilities
- CVE-2026-10254MEDIUMUnauthenticated Information Disclosure in SourceCodester Pet Grooming Software
- CVE-2026-10854MEDIUMMISP Galaxy Visibility Control Bypass – Unauthorized Private Metadata Access
- CVE-2026-10864MEDIUMMISP Dashboard Widget Field Filtering Bypass (Medium)
- CVE-2026-11162MEDIUMChrome CSS Cross-Origin Data Leak Vulnerability
- CVE-2026-11168MEDIUMChrome Extension Memory Disclosure Vulnerability
- CVE-2026-11180MEDIUMChrome SVG Cross-Origin Data Leak – Patch & Mitigation Guide
- CVE-2026-11182MEDIUMChrome SVG Cross-Origin Data Leak Vulnerability
- CVE-2026-11203MEDIUMChrome GPU Isolation Bypass on macOS Allows Cross-Origin Data Leak