CVE-2026-30824
Received Received - Intake
Unauthenticated Access in Flowise NVIDIA NIM Router Allows Privilege Escalation

Publication date: 2026-03-07

Last updated on: 2026-03-11

Assigner: GitHub, Inc.

Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints. This issue has been patched in version 3.0.13.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-07
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-07
EPSS Evaluated
2026-06-15
NVD
CVE-2026-30824
EUVD
EUVD-2026-10111
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
flowiseai flowise to 3.0.13 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-306 The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-30824 is a high-severity vulnerability in the Flowise software (versions up to 3.0.12) where certain NVIDIA NIM API endpoints under the route `/api/v1/nvidia-nim/*` are incorrectly whitelisted in the global authentication middleware. This means these endpoints can be accessed without any authentication.'}, {'type': 'paragraph', 'content': "Because of this, attackers can access privileged container management and token generation functions without credentials. Specifically, they can retrieve valid NVIDIA API tokens, which grant access to NVIDIA's inference API and a large number of language models."}, {'type': 'paragraph', 'content': 'Additionally, attackers can manipulate container runtimes on systems with Docker/NIM installed by listing, stopping, starting containers with arbitrary images, pulling potentially malicious Docker images, and accessing container and image information.'}, {'type': 'paragraph', 'content': 'This vulnerability arises from missing authentication checks on critical functions, classified as CWE-306, and is aligned with OWASP API Security Top 10 - API2:2023 Broken Authentication. It was fixed in Flowise version 3.0.13 by removing the vulnerable route from the authentication whitelist and adding proper authentication.'}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can have serious security and operational impacts. Attackers can gain unauthorized access to NVIDIA API tokens, allowing them to use NVIDIA's inference API and access over 170 large language models without permission."}, {'type': 'paragraph', 'content': 'They can also manipulate container environments by listing running containers, stopping containers to cause denial of service, starting containers with arbitrary and potentially malicious images, and pulling arbitrary Docker images.'}, {'type': 'paragraph', 'content': 'Such unauthorized container control can lead to service disruption, resource exhaustion, and potential introduction of malicious software, severely impacting system availability and security.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking if the NVIDIA NIM router endpoints under `/api/v1/nvidia-nim/*` are accessible without authentication on your Flowise installation (versions prior to 3.0.13).'}, {'type': 'paragraph', 'content': 'You can attempt to send unauthenticated HTTP requests to the following endpoints to verify if they respond without requiring authentication:'}, {'type': 'list_item', 'content': 'GET request to `/api/v1/nvidia-nim/get-token` to check if a valid NVIDIA API token is returned without authentication.'}, {'type': 'list_item', 'content': 'GET request to `/api/v1/nvidia-nim/list-running-containers` to see if running containers can be listed without authentication.'}, {'type': 'list_item', 'content': 'POST requests to `/api/v1/nvidia-nim/stop-container`, `/start-container`, `/pull-image`, `/get-container`, and `/get-image` endpoints to test if container management actions are possible without authentication.'}, {'type': 'paragraph', 'content': 'Example curl commands to test unauthenticated access:'}, {'type': 'list_item', 'content': 'curl -X GET http://<flowise-host>/api/v1/nvidia-nim/get-token'}, {'type': 'list_item', 'content': 'curl -X GET http://<flowise-host>/api/v1/nvidia-nim/list-running-containers'}, {'type': 'list_item', 'content': 'curl -X POST http://<flowise-host>/api/v1/nvidia-nim/stop-container -d \'{"containerId":"<id>"}\' -H \'Content-Type: application/json\''}, {'type': 'paragraph', 'content': 'If these endpoints respond successfully without authentication, your system is vulnerable.'}] [1]

Mitigation Strategies

The immediate and recommended mitigation is to upgrade Flowise to version 3.0.13 or later, where this vulnerability has been patched by removing the NVIDIA NIM route from the global authentication whitelist and presumably adding proper authentication checks.

If upgrading immediately is not possible, consider restricting network access to the `/api/v1/nvidia-nim/*` endpoints by firewall rules or reverse proxy configurations to prevent unauthenticated external access.

Additionally, monitor your container environment for any unauthorized container management activities and revoke any leaked NVIDIA API tokens if possible.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-30824. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart