CVE-2026-41276
Published: 23 April 2026
Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resetPassword method of the AccountService class. There is no check performed to ensure that a password reset token has actually been generated for a user account. By default the value of the reset token stored in a user's account is null, or an empty string if they've reset their password before. An attacker with knowledge of the user's email address can submit a request to the "/api/v1/account/reset-password" endpoint containing a null or empty string reset token value and reset that user's password to a value of their choosing. This vulnerability is fixed in 3.1.0.
Mitigating Controls (NIST 800-53 r5) [AI]
- Directly mitigates the CVE by requiring timely remediation of the password reset flaw through patching to version 3.1.0 or equivalent fixes.
- Requires validation of the reset token input at the /api/v1/account/reset-password endpoint to reject null or empty values that enable unauthorized password resets.
- Ensures proper generation, distribution, and validation of password reset tokens as authenticators, preventing bypass via unverified null or empty tokens.
Security Summary [AI]
CVE-2026-41276 is an authentication bypass vulnerability affecting FlowiseAI Flowise, an open-source drag-and-drop user interface for building customized large language model flows, in versions prior to 3.1.0. The flaw resides in the resetPassword method of the AccountService class, where no validation occurs to confirm that a password reset token has been generated for the target user account. By default, the reset token stored in a user account is null, or an empty string if the user has previously reset their password.
Remote attackers can exploit this vulnerability without authentication by knowing only the target user's email address. They submit a request to the /api/v1/account/reset-password endpoint with a null or empty string as the reset token value, allowing them to overwrite the user's password with one of their choosing. This enables full account takeover, granting attackers high confidentiality, integrity, and availability impacts as reflected in the CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), linked to CWE-287 (Improper Authentication).
The GitHub security advisory (GHSA-f6hc-c5jr-878p) confirms the issue is resolved in Flowise version 3.1.0, recommending that users upgrade immediately to mitigate the risk. No additional workarounds are specified in the provided references.
Flowise's role in constructing LLM-based workflows introduces AI/ML relevance, as compromised instances could potentially allow attackers to manipulate or exfiltrate custom model flows. No evidence of real-world exploitation is noted in the available details.
AI Security Analysis [AI]
- AI Category: Other AI Platforms
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: Matched keywords: large language model
MITRE ATT&CK Enterprise Techniques [AI]
Why these techniques?
The vulnerability enables unauthenticated exploitation of a public-facing web application API endpoint (T1190) to bypass authentication and perform account takeover by resetting passwords, facilitating the use of valid accounts (T1078).