CVE-2026-30824
Unauthenticated Access in Flowise NVIDIA NIM Router Allows Privilege Escalation
Publication date: 2026-03-07
Last updated on: 2026-03-11
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| flowiseai | flowise | up to 3.0.13 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-306 | The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-30824 is a high-severity vulnerability in the Flowise software (versions up to 3.0.12) where certain NVIDIA NIM API endpoints under the route `/api/v1/nvidia-nim/*` are incorrectly whitelisted in the global authentication middleware. This means these endpoints can be accessed without any authentication.
Because of this, attackers can access privileged container management and token generation functions without credentials. Specifically, they can retrieve valid NVIDIA API tokens, which grant access to NVIDIA's inference API and a large number of language models.
Additionally, attackers can manipulate container runtimes on systems with Docker/NIM installed by listing, stopping, starting containers with arbitrary images, pulling potentially malicious Docker images, and accessing container and image information.
This vulnerability arises from missing authentication checks on critical functions, classified as CWE-306, and is aligned with OWASP API Security Top 10 - API2:2023 Broken Authentication. It was fixed in Flowise version 3.0.13 by removing the vulnerable route from the authentication whitelist and adding proper authentication. [1]
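The whitelisting flaw described above, modelled as an added example that is not part of the original page and is not Flowise's source code. The allowlist contents, the `/api/v1/ping` route, the credential check and all function names are hypothetical; the `/api/v1/nvidia-nim/*` paths are the ones named on this page.

```javascript
// Added illustration: a minimal model of a global auth middleware that skips
// authentication for allowlisted path prefixes. Every name here is
// hypothetical; this is not Flowise's source code.
const VULNERABLE_ALLOWLIST = ['/api/v1/ping', '/api/v1/nvidia-nim'];
const FIXED_ALLOWLIST = ['/api/v1/ping']; // NIM prefix removed, as in the fix

// Constructed credential check standing in for real session/API-key logic.
const isAuthenticated = (req) =>
  req.headers.authorization === 'Bearer constructed-test-key';

// Express-style middleware: (req, res, next).
function makeAuthMiddleware(allowlist) {
  return function auth(req, res, next) {
    const path = req.path.toLowerCase();
    // One allowlisted prefix exposes every handler mounted beneath it.
    const open = allowlist.some((p) => path === p || path.startsWith(p + '/'));
    if (open || isAuthenticated(req)) return next();
    res.statusCode = 401;
    res.end('Unauthorized');
  };
}

// Drive the middleware with a stub request and report what happened.
function probe(allowlist, path, headers = {}) {
  const res = { statusCode: 200, end() {} };
  let reachedHandler = false;
  makeAuthMiddleware(allowlist)({ path, headers }, res, () => {
    reachedHandler = true;
  });
  return { reachedHandler, status: res.statusCode };
}

// Routes named in the advisory text; none should run without credentials.
const PRIVILEGED_ROUTES = [
  'get-token', 'list-running-containers', 'stop-container',
  'start-container', 'pull-image', 'get-container', 'get-image',
].map((name) => `/api/v1/nvidia-nim/${name}`);

// Regression check: which privileged routes run with no credentials at all?
function openPrivilegedRoutes(allowlist) {
  return PRIVILEGED_ROUTES.filter((p) => probe(allowlist, p).reachedHandler);
}

console.log('before fix:', openPrivilegedRoutes(VULNERABLE_ALLOWLIST).length);
console.log('after fix: ', openPrivilegedRoutes(FIXED_ALLOWLIST).length);
```

Keeping a check like `openPrivilegedRoutes` in a test suite turns an accidental allowlist entry into a failing build rather than an exposed route.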
How can this vulnerability impact me?
This vulnerability can have serious security and operational impacts. Attackers can gain unauthorized access to NVIDIA API tokens, allowing them to use NVIDIA's inference API and access over 170 large language models without permission.
They can also manipulate container environments by listing running containers, stopping containers to cause denial of service, starting containers with arbitrary and potentially malicious images, and pulling arbitrary Docker images.
Such unauthorized container control can lead to service disruption, resource exhaustion, and potential introduction of malicious software, severely impacting system availability and security. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the NVIDIA NIM router endpoints under `/api/v1/nvidia-nim/*` are accessible without authentication on your Flowise installation (versions prior to 3.0.13).
You can attempt to send unauthenticated HTTP requests to the following endpoints to verify if they respond without requiring authentication:
- GET request to `/api/v1/nvidia-nim/get-token` to check if a valid NVIDIA API token is returned without authentication.
- GET request to `/api/v1/nvidia-nim/list-running-containers` to see if running containers can be listed without authentication.
- POST requests to `/api/v1/nvidia-nim/stop-container`, `/start-container`, `/pull-image`, `/get-container`, and `/get-image` endpoints to test if container management actions are possible without authentication.
Example curl commands to test unauthenticated access:
- `curl -X GET http://<flowise-host>/api/v1/nvidia-nim/get-token`
- `curl -X GET http://<flowise-host>/api/v1/nvidia-nim/list-running-containers`
- `curl -X POST http://<flowise-host>/api/v1/nvidia-nim/stop-container -d '{"containerId":"<id>"}' -H 'Content-Type: application/json'`
If these endpoints respond successfully without authentication, your system is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate and recommended mitigation is to upgrade Flowise to version 3.0.13 or later, where this vulnerability has been patched by removing the NVIDIA NIM route from the global authentication whitelist and presumably adding proper authentication checks.
If upgrading immediately is not possible, consider restricting network access to the `/api/v1/nvidia-nim/*` endpoints by firewall rules or reverse proxy configurations to prevent unauthenticated external access.
Additionally, monitor your container environment for any unauthorized container management activities and revoke any leaked NVIDIA API tokens if possible.
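One way to support the monitoring step above, as an added example that is not part of the original page: a scan of reverse-proxy access logs for requests that reached the NVIDIA NIM routes, with the follow-up each hit calls for. The log lines are constructed samples in nginx "combined" format, and the trusted-client list and function names are assumptions to adapt.

```javascript
// Added example, not project code. Log lines are constructed samples in the
// nginx "combined" format; TRUSTED_CLIENTS is a placeholder to adapt.
const NIM_PREFIX = '/api/v1/nvidia-nim/';
const TRUSTED_CLIENTS = new Set(['10.0.0.5']);
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) /;

const SAMPLE_LOG = [
  '10.0.0.5 - - [08/Mar/2026:10:01:02 +0000] "GET /api/v1/chatflows HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '10.0.0.5 - - [08/Mar/2026:10:01:30 +0000] "GET /api/v1/nvidia-nim/list-running-containers HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
  '203.0.113.7 - - [08/Mar/2026:10:02:11 +0000] "GET /api/v1/nvidia-nim/get-token HTTP/1.1" 200 231 "-" "curl/8.5.0"',
  '203.0.113.7 - - [08/Mar/2026:10:02:40 +0000] "POST /api/v1/nvidia-nim/stop-container?x=1 HTTP/1.1" 200 17 "-" "curl/8.5.0"',
  '198.51.100.9 - - [09/Mar/2026:04:15:00 +0000] "GET /api/v1/nvidia-nim/get-token HTTP/1.1" 401 12 "-" "python-requests/2.31"',
  'malformed line that the parser must skip',
];

// Map an endpoint and status to the follow-up the mitigation text calls for.
function followUp(endpoint, status) {
  if (status < 200 || status > 299) return 'blocked attempt: confirm the source is expected';
  if (endpoint === 'get-token') return 'token exposed: revoke the NVIDIA API token';
  if (/^(stop-container|start-container|pull-image)$/.test(endpoint)) {
    return 'container state changed: audit containers and images';
  }
  return 'container or image metadata disclosed';
}

// Return one finding per request to a NIM route from a non-trusted client.
function findNimAccess(lines, trusted = TRUSTED_CLIENTS) {
  const findings = [];
  for (const line of lines) {
    const m = LINE_RE.exec(line);
    if (!m) continue; // skip lines that are not in the expected format
    const [, client, time, method, target, code] = m;
    const path = target.split('?')[0].toLowerCase(); // normalise before matching
    if (!path.startsWith(NIM_PREFIX) || trusted.has(client)) continue;
    const endpoint = path.slice(NIM_PREFIX.length);
    const status = Number(code);
    findings.push({ client, time, method, endpoint, status, action: followUp(endpoint, status) });
  }
  return findings;
}

console.table(findNimAccess(SAMPLE_LOG));
```

A 2xx response to `get-token` from an unexpected client on a version before 3.0.13 should be treated as a leaked token even if no misuse has been observed yet.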