{"data":{"id":"acd4bb83-9090-461b-bcad-9b84d76dd0de","title":"CVE-2026-41273: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contain","summary":"Flowise, a tool for building customized AI workflows with a drag-and-drop interface, had a security flaw in versions before 3.1.0 that let attackers bypass authentication (skip the login process) and steal OAuth 2.0 access tokens (credentials that grant permission to access other services). Attackers could access public chatflow configuration endpoints (URLs that show workflow settings) to find OAuth credential identifiers and use them to obtain valid access tokens without needing to log in.","solution":"Update Flowise to version 3.1.0 or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-41273","publishedAt":"2026-04-23T20:16:15.973Z","cveId":"CVE-2026-41273","cweIds":["CWE-306"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-23T20:16:15.973Z","capecIds":["CAPEC-115"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}