{"data":{"id":"01683808-a19f-4201-92e4-ecad7e3a61a4","title":"CVE-2026-46440: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the che","summary":"Flowise is a tool with a drag-and-drop interface for building customized AI workflows. Before version 3.1.2, the checkBasicAuth endpoint (a part of the system that checks user login credentials) had a security flaw where it validated passwords in plaintext (unencrypted text) without rate limiting (restrictions on how many attempts someone can make) and compared them directly, making it vulnerable to attacks.","solution":"Update to version 3.1.2, which patches this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-46440","publishedAt":"2026-06-08T16:16:41.043Z","cveId":"CVE-2026-46440","cweIds":["CWE-522"],"cvssScore":null,"cvssSeverity":null,"severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-08T16:16:41.043Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}