{"data":{"id":"c895b4df-7bd8-46b3-ba8e-5b2ae23a66e3","title":"CVE-2026-41278: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1","summary":"Flowise, a tool that lets users build custom AI workflows through a drag-and-drop interface, had a security flaw in versions before 3.1.0 where the public API endpoint (GET /api/v1/public-chatflows/:id) exposed sensitive data without filtering. The flaw revealed credential IDs, plaintext API keys (secret codes used to access other services), and password fields in the raw workflow data, making it possible for unauthorized people to see this sensitive information.","solution":"Update Flowise to version 3.1.0 or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-41278","publishedAt":"2026-04-23T20:16:16.550Z","cveId":"CVE-2026-41278","cweIds":["CWE-200"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-23T20:16:16.550Z","capecIds":["CAPEC-116"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}