CVE-2026-46440

Published: Giu 08, 2026 Last Modified: Giu 08, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: high
Privileges Required: none
User Interaction: required
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2.

522

Insufficiently Protected Credentials

Incomplete
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Applicable Platforms
Technologies: Not Technology-Specific, Web Based, ICS/OT
View CWE Details
https://github.com/FlowiseAI/Flowise/security/advisories/GH…
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-php6-83fg-gw3g
https://github.com/FlowiseAI/Flowise/releases/tag/flowise%4…
https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.1.2
https://github.com/FlowiseAI/Flowise/security/advisories/GH…
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-php6-83fg-gw3g