{"data":{"id":"96135911-abf6-4c15-98f2-d82145a46e6f","title":"GHSA-5fw2-mwhh-9947: Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials","summary":"Flowise has a text-to-speech endpoint that doesn't require authentication but accepts a credential ID (an identifier for stored API keys like OpenAI or ElevenLabs) directly from user input. An attacker can use this to access someone else's stored API credentials and generate speech using the victim's API account, burning their API credits without permission.","solution":"Remove the TTS endpoint from the whitelist (the list of endpoints that don't need login), or add a check to ensure the credential ID matches the chatflow's TTS configuration. The source suggests: 'if (!chatflowId) { return res.status(401).json({ message: \"Authentication required\" }) }' — meaning if no chatflow ID is provided, the endpoint should reject the request with an authentication error.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-5fw2-mwhh-9947","publishedAt":"2026-04-17T21:35:14.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["pii_leakage"],"issueType":"vulnerability","affectedPackages":["flowise@<= 3.0.13 (fixed: 3.1.0)"],"affectedVendors":["OpenAI"],"affectedVendorsRaw":["Flowise","OpenAI","ElevenLabs","Azure","Google"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-04-17T21:35:14.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}