{"data":{"id":"18dc342d-a32c-4275-a8bb-13e9a0a2e14d","title":"CVE-2026-41275: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password re","summary":"Flowise, a tool for building AI workflows using a drag-and-drop interface, had a security flaw in versions before 3.1.0 where password reset links were sent over HTTP (an unencrypted connection) instead of HTTPS (an encrypted connection). This allowed attackers on the same network, such as public Wi-Fi, to intercept these reset links through a man-in-the-middle (MITM) attack, in which someone secretly reads messages passing between two parties, and take over user accounts.","solution":"Update Flowise to version 3.1.0 or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-41275","publishedAt":"2026-04-23T20:16:16.117Z","cveId":"CVE-2026-41275","cweIds":["CWE-319"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-23T20:16:16.117Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}