CVE-2026-46443

Published: Giu 08, 2026 Last Modified: Giu 08, 2026

ExploitDB:

Other exploit source:

Google Dorks:

HIGH 7,0

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is used but fails to do so when a filter is used. This issue has been patched in version 3.1.2.

200

Exposure of Sensitive Information to an Unauthorized Actor

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Confidentiality

Potential Impacts:

Read Application Data

Applicable Platforms

Technologies: Not Technology-Specific, Web Based, Mobile

Likelihood of Exploit: High

View CWE Details

https://github.com/FlowiseAI/Flowise/releases/tag/flowise%4…

https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.1.2

https://github.com/FlowiseAI/Flowise/security/advisories/GH…

https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7g73-99r4-m4mj

CVE-2026-46443

Description

Exposure of Sensitive Information to an Unauthorized Actor

Common Consequences

Applicable Platforms

Iscriviti alla newsletter