GHSA-7g73-99r4-m4mj: FlowiseAI Vulnerable to Credential Data Leak
highvulnerability
security
Source: GitHub Advisory DatabaseMay 14, 2026
Summary
FlowiseAI has a vulnerability where encrypted credential data (like API keys and passwords) is accidentally exposed when users request credentials using a filter parameter. The code correctly hides this sensitive data when no filter is used, but fails to remove it when filtering by credential name, allowing authenticated users to steal encrypted credentials if they also access the encryption key file stored on the system.
Classification
Attack Type
Data Extraction
Attack SophisticationTrivial
Impact (CIA+S)
confidentiality
AI Component TargetedAPI
Affected Vendors
OpenAI
Affected Packages
flowise@<= 3.1.1 (fixed: 3.1.2)
Related Issues
Monthly digest — independent AI security research
Original source: https://github.com/advisories/GHSA-7g73-99r4-m4mj
First tracked: May 14, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 95%