CVE-2026-46440
CriticalCVSS 9.1Exploitation Probability (EPSS)
Low risk11th percentile — higher than 11% of all known CVEs
Summary
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison.
Risk Assessment
The lack of proper credential protection may lead to unauthorized access to the system, posing a serious security threat to the organization.
Recommendation
It is recommended to upgrade to version 3.1.2 or later to patch this vulnerability and implement appropriate security measures.
Original NVD description (English source)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2.

