CVE-2026-8027
Analyzed Analyzed - Analysis Complete
Authorization Bypass in FlowiseAI Flowise

Publication date: 2026-05-06

Last updated on: 2026-05-07

Assigner: VulDB

Description
A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated remotely. The affected component should be upgraded.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-05-06
EPSS Evaluated
2026-06-14
NVD
CVE-2026-8027
EUVD
EUVD-2026-27830
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
flowiseai flowise to 3.0.12 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in FlowiseAI Flowise up to version 3.0.12, specifically in the User Controller Handler component. It involves manipulation of certain arguments such as userId, organizationId, workspaceId, or email, which leads to an authorization bypass. This means an attacker can remotely exploit this weakness to gain unauthorized access or privileges.

Impact Analysis

The vulnerability allows an attacker to bypass authorization controls remotely by manipulating specific user-related arguments. This could result in unauthorized access to user accounts, organizational data, or workspace information, potentially compromising sensitive information or allowing actions that should be restricted.

Mitigation Strategies

The affected component should be upgraded to a version later than FlowiseAI Flowise 3.0.12 to mitigate this vulnerability.

Compliance Impact

This vulnerability allows unauthorized cross-tenant data access by bypassing authorization checks, enabling attackers to read arbitrary user profiles and organizational data across tenants. Such unauthorized access to sensitive personal and organizational information can lead to violations of data protection regulations like GDPR and HIPAA, which mandate strict controls on access to personal and health-related data.

Specifically, the ability to enumerate users, organization memberships, and workspace structures without proper authorization increases the risk of data breaches and unauthorized disclosure of personal data, which can result in non-compliance with privacy and security requirements imposed by these standards.

Detection Guidance

This vulnerability can be detected by testing the affected Flowise API endpoints for unauthorized access to user, organization, and workspace data. Specifically, the GET endpoints /api/v1/user, /api/v1/organizationuser, and /api/v1/workspaceuser should be checked to see if they allow data enumeration without proper authorization.

To detect the vulnerability, you can attempt to send authenticated GET requests with manipulated query parameters such as userId, email, or organizationId to these endpoints and observe if the responses include data from other users or organizations that should not be accessible.

Example commands using curl to test these endpoints might be:

  • curl -i -H "Authorization: Bearer <token>" "http://<flowise-host>/api/v1/user?userId=someUserId"
  • curl -i -H "Authorization: Bearer <token>" "http://<flowise-host>/api/v1/organizationuser?organizationId=someOrgId"
  • curl -i -H "Authorization: Bearer <token>" "http://<flowise-host>/api/v1/workspaceuser?workspaceId=someWorkspaceId"

If these requests return data for users, organizations, or workspaces outside the authenticated user's scope, it indicates the presence of the authorization bypass vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-8027. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart