This vulnerability allows remote attackers to bypass authentication on affected installations of Flowise. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 8.1. The following CVEs are assigned: CVE-2026-41276.
ZDI-26-300: Flowise AccountService resetPassword Authentication Bypass Vulnerability
Inhalt
Verknuepfte CVEs
| CVE-ID | Severity (CVE.org) | CVSS (CVE.org) | EPSS | EPSS-% | Veroeffentlicht (CVE.org) |
|---|---|---|---|---|---|
| HIGH | 7.7 | - | - | 2026-04-23 |
Quellen-Details
| Bezeichnung | Name | Kategorie | Tags | Zielgruppe | Sprache | Feed-URL |
|---|---|---|---|---|---|---|
| Zero Day Initiative (Published) | threat_intel | - | de | https://www.zerodayinitiative.com/rss/published/ |