wid-sec-w-2026-0626 · Published 2026-03-05 · View on BSI CERT-Bund ↗

Flowise: Multiple Vulnerabilities

CVSS 8.8 HIGH

Risk Summary

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauthenticated users can inject arbitrary values into internal database fields when creating leads. This issue has been patched in version 3.0.13.

CVEs (5)

CVE-2026-30820 CVE-2026-30821 CVE-2026-30822 CVE-2026-30823 CVE-2026-30824

Affected Vendors

Open Source

Affected Products (2)

Open Source · Flowise <3.0.13

Open Source · Flowise 3.0.13

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more