AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-5f53-522j-j454: Flowise Missing Authentication on NVIDIA NIM Endpoints

highvulnerabilityLLM-Specific

security

Source: GitHub Advisory DatabaseMarch 6, 2026CVE-2026-30824

Summary

Flowise incorrectly whitelisted the NVIDIA NIM router (`/api/v1/nvidia-nim/*`) in its authentication middleware, allowing anyone to access sensitive endpoints without logging in. This lets attackers steal NVIDIA API tokens, manipulate Docker containers, and cause denial of service attacks without needing valid credentials.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

Other

Attack SophisticationTrivial

Impact (CIA+S)

confidentialityintegrity

Affected Vendors

NVIDIA

Affected Packages

flowise@<= 3.0.12 (fixed: 3.0.13)

Related Issues

medium

CVE-2022-29200: TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implem

Same vendorNVD/CVE Database

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

First tracked: March 6, 2026 at 07:00 PM

Classified by LLM (prompt v3) · confidence: 95%