CVE-2026-46443
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk10th percentile - higher than 10% of all known CVEs
Summary
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response, potentially leading to the exposure of sensitive data.
Risk Assessment
The exposure of encrypted data may lead to security breaches, allowing attackers access to confidential information. Organizations should be aware of the risks associated with improper credential management.
Recommendation
It is recommended to upgrade to version 3.1.2 or later to mitigate this vulnerability. Additionally, conducting a security audit to assess the potential impact of this vulnerability is advisable.
Original NVD description (English source)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is used but fails to do so when a filter is used. This issue has been patched in version 3.1.2.

