GHSA-w47f-j8rh-wx87: Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs
Summary
Flowise version 3.0.13 has a security flaw where public chatflow endpoints return unsanitized data (raw information without filtering) that includes plaintext API keys, passwords, and credential IDs (unique references to stored login credentials). This happens because the code returns the complete chatflow object without removing sensitive fields, potentially exposing users' third-party account credentials and internal system architecture.
Solution / Mitigation
According to the source, apply sanitization to both public endpoints by calling `sanitizeFlowDataForPublicEndpoint(chatflow)` before returning the response, and ensure the sanitization function removes all `credential`, `password`, `apiKey`, and `secretKey` fields from the flowData. The source notes this sanitization function exists only in unreleased HEAD code, not in released v3.0.13.
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-w47f-j8rh-wx87
First tracked: April 17, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%