CVE Catalog

CVE-2026-46443

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

10th percentile - higher than 10% of all known CVEs

Summary

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response, potentially leading to the exposure of sensitive data.

Risk Assessment

The exposure of encrypted data may lead to security breaches, allowing attackers access to confidential information. Organizations should be aware of the risks associated with improper credential management.

Recommendation

It is recommended to upgrade to version 3.1.2 or later to mitigate this vulnerability. Additionally, conducting a security audit to assess the potential impact of this vulnerability is advisable.

Original NVD description (English source)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is used but fails to do so when a filter is used. This issue has been patched in version 3.1.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS