CVE-2026-8027
Status: Received - Intake
Authorization Bypass in FlowiseAI Flowise

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: VulDB

Description
A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated remotely. The affected component should be upgraded.
Meta Information
Published: 2026-05-06
Last Modified: 2026-05-06
Generated: 2026-05-07
AI Q&A: 2026-05-06
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor: flowiseai
Product: flowise
Version / Range: up to 3.0.12 (inclusive)
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in FlowiseAI Flowise up to version 3.0.12, specifically in the User Controller Handler component. It involves manipulation of certain arguments such as userId, organizationId, workspaceId, or email, which leads to an authorization bypass. This means an attacker can remotely exploit this weakness to gain unauthorized access or privileges.


How can this vulnerability impact me?

The vulnerability allows an attacker to bypass authorization controls remotely by manipulating specific user-related arguments. This could result in unauthorized access to user accounts, organizational data, or workspace information, potentially compromising sensitive information or allowing actions that should be restricted.


What immediate steps should I take to mitigate this vulnerability?

The affected component should be upgraded to a version later than FlowiseAI Flowise 3.0.12 to mitigate this vulnerability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

This vulnerability allows unauthorized cross-tenant data access by bypassing authorization checks, enabling attackers to read arbitrary user profiles and organizational data across tenants. Such unauthorized access to sensitive personal and organizational information can lead to violations of data protection regulations like GDPR and HIPAA, which mandate strict controls on access to personal and health-related data.

Specifically, the ability to enumerate users, organization memberships, and workspace structures without proper authorization increases the risk of data breaches and unauthorized disclosure of personal data, which can result in non-compliance with privacy and security requirements imposed by these standards.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by testing the affected Flowise API endpoints for unauthorized access to user, organization, and workspace data. Specifically, the GET endpoints /api/v1/user, /api/v1/organizationuser, and /api/v1/workspaceuser should be checked to see if they allow data enumeration without proper authorization.

To detect the vulnerability, you can attempt to send authenticated GET requests with manipulated query parameters such as userId, email, or organizationId to these endpoints and observe if the responses include data from other users or organizations that should not be accessible.

Example commands using curl to test these endpoints might be:

  • curl -i -H "Authorization: Bearer <token>" "http://<flowise-host>/api/v1/user?userId=someUserId"
  • curl -i -H "Authorization: Bearer <token>" "http://<flowise-host>/api/v1/organizationuser?organizationId=someOrgId"
  • curl -i -H "Authorization: Bearer <token>" "http://<flowise-host>/api/v1/workspaceuser?workspaceId=someWorkspaceId"

If these requests return data for users, organizations, or workspaces outside the authenticated user's scope, it indicates the presence of the authorization bypass vulnerability.
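The fix side of the same weakness, as an added illustration that is not Flowise's own code: a lookup handler that trusts the userId/organizationId/workspaceId/email it receives (the CWE-639 pattern described above) beside one that first checks those identifiers against the authenticated principal's scope. The principal shape, the store layout and the sample records are assumptions constructed for the example.

```javascript
// Added example, not taken from Flowise. Principal shape, store layout and
// sample records are constructed for illustration.

// Vulnerable pattern: the handler resolves whatever identifier the query
// carries, so the caller chooses which user, organization or workspace to read.
function lookupUnchecked(store, query) {
  if (query.userId) return store.users[query.userId] || null;
  if (query.organizationId) return store.orgs[query.organizationId] || null;
  if (query.workspaceId) return store.workspaces[query.workspaceId] || null;
  return null;
}

// Hardened pattern: every identifier in the query must fall inside the scope
// the server already knows for the authenticated principal. Anything else is
// refused before the store is touched, so no cross-tenant record is ever read.
function withinScope(principal, query) {
  if (query.userId !== undefined && query.userId !== principal.userId) return false;
  if (query.email !== undefined &&
      query.email.toLowerCase() !== principal.email.toLowerCase()) return false;
  if (query.organizationId !== undefined &&
      !principal.organizationIds.includes(query.organizationId)) return false;
  if (query.workspaceId !== undefined &&
      !principal.workspaceIds.includes(query.workspaceId)) return false;
  return true;
}

function lookupChecked(store, principal, query) {
  if (!withinScope(principal, query)) return { status: 403, body: null };
  const record = lookupUnchecked(store, query);
  return record ? { status: 200, body: record } : { status: 404, body: null };
}

// Constructed sample data: two tenants sharing one store.
const store = {
  users: { 'u-1': { id: 'u-1', email: 'alice@example.test' },
           'u-2': { id: 'u-2', email: 'bob@example.test' } },
  orgs: { 'org-a': { id: 'org-a', members: ['u-1'] },
          'org-b': { id: 'org-b', members: ['u-2'] } },
  workspaces: { 'ws-a': { id: 'ws-a', org: 'org-a' },
                'ws-b': { id: 'ws-b', org: 'org-b' } },
};
// Scope as the server derived it from alice's session, not from the request.
const alice = { userId: 'u-1', email: 'alice@example.test',
                organizationIds: ['org-a'], workspaceIds: ['ws-a'] };
```

With the unchecked handler, alice's session can read u-2 and org-b; with the checked one those requests stop at 403 and only her own records are returned.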

