GHSA-5fw2-mwhh-9947: Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials
Summary
Flowise has a text-to-speech endpoint that doesn't require authentication but accepts a credential ID (an identifier for stored API keys like OpenAI or ElevenLabs) directly from user input. An attacker can use this to access someone else's stored API credentials and generate speech using the victim's API account, burning their API credits without permission.
Solution / Mitigation
Remove the TTS endpoint from the whitelist (the list of endpoints that don't need login), or add a check to ensure the credential ID matches the chatflow's TTS configuration. The source suggests: 'if (!chatflowId) { return res.status(401).json({ message: "Authentication required" }) }' — meaning if no chatflow ID is provided, the endpoint should reject the request with an authentication error.
Classification
Affected Vendors
Affected Packages
Related Issues
Original source: https://github.com/advisories/GHSA-5fw2-mwhh-9947
First tracked: April 17, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%