CVE-2026-46443
6.5 MEDIUM
Flowise is a drag & drop user interface to build a customized large language model flow
Published: 2026-06-08 · Last updated: 2026-06-11
Severity and scoring
- CVSS: 6.5 MEDIUM
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
- CWE: CWE-200
Affected products
| Vendor | Product |
|---|---|
| flowiseai | flowise |
Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is used but fails to do so when a filter is used. This issue has been patched in version 3.1.2.
Source: NVD
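The two code paths in the description, modelled as an added example (constructed for illustration, not Flowise source code; the function names, the in-memory store and its sample rows are assumptions). It shows the filtered branch returning `encryptedData`, a fix that sends every branch through one serializer, and a response check that can serve as a regression test.

```javascript
// Constructed sample rows standing in for stored credentials.
const STORE = [
  { id: 'c1', name: 'prod-llm', credentialName: 'exampleLlmApi', encryptedData: 'CONSTRUCTED-CIPHERTEXT-1' },
  { id: 'c2', name: 'prod-vectors', credentialName: 'exampleVectorDbApi', encryptedData: 'CONSTRUCTED-CIPHERTEXT-2' },
];

// Before: the unfiltered branch strips the secret field, the filtered branch
// returns rows exactly as stored, so the two responses differ in shape.
function listCredentialsVulnerable(credentialName) {
  if (credentialName) {
    return STORE.filter((c) => c.credentialName === credentialName);
  }
  return STORE.map(({ encryptedData, ...rest }) => rest);
}

// After: selection and serialization are separate steps, so no branch can
// skip the redaction.
function toPublic({ encryptedData, ...rest }) {
  return rest;
}

function listCredentialsFixed(credentialName) {
  const rows = credentialName
    ? STORE.filter((c) => c.credentialName === credentialName)
    : STORE;
  return rows.map(toPublic);
}

// Regression check: walk a response body of any depth and return the paths
// of keys that must never appear in it.
function findLeaks(body, forbidden = ['encryptedData'], path = '$') {
  if (body === null || typeof body !== 'object') return [];
  return Object.entries(body).flatMap(([key, value]) => {
    const here = Array.isArray(body) ? `${path}[${key}]` : `${path}.${key}`;
    const hit = forbidden.includes(key) ? [here] : [];
    return hit.concat(findLeaks(value, forbidden, here));
  });
}
```

Running `findLeaks` over both the filtered and the unfiltered response in an API test catches this class of bug, because the defect only shows when each query shape is exercised.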
References
- [NVD](https://nvd.nist.gov/vuln/detail/CVE-2026-46443)
- [Other](https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.1.2)
- [Vendor advisory](https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-7g73-99r4-m4mj)
Related CVEs
Same vendor
- CVE-2026-46480 — Flowise is a drag & drop user interface to build a customized large language model flow (8.8 HIGH)
- CVE-2026-46444 — Flowise is a drag & drop user interface to build a customized large language model flow (8.8 HIGH)
- CVE-2026-46442 — Flowise is a drag & drop user interface to build a customized large language model flow (9.9 CRITICAL)
- CVE-2026-46441 — Flowise is a drag & drop user interface to build a customized large language model flow (9.6 CRITICAL)
- CVE-2026-46440 — Flowise is a drag & drop user interface to build a customized large language model flow (9.1 CRITICAL)
Same CWE
- CVE-2026-49219 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-47165 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.1 MEDIUM)
- CVE-2026-48855 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery
- CVE-2026-45329 — ESP-IDF is the Espressif Internet of Things (IoT) Development Framework (7.1 HIGH)
- CVE-2026-36719 — An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain ... (7.5 HIGH)