📄 Description (English)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle (MITM) attack, where an attacker on the same network as the user (e.g., public Wi-Fi) can intercept the reset link and gain unauthorized access to the victim’s account. This vulnerability is fixed in 3.1.0.
🤖 AI Executive Summary
Flowise versions prior to 3.1.0 transmit password reset links over unencrypted HTTP instead of HTTPS, enabling man-in-the-middle attacks on users connecting from public networks. An attacker can intercept reset tokens and gain unauthorized account access. This vulnerability affects cloud.flowiseai.com and poses significant risk to organizations using Flowise for LLM workflow management, particularly in Saudi Arabia where public Wi-Fi usage is prevalent.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: May 2, 2026 06:54
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations in financial services, government digital transformation initiatives, and healthcare sectors using Flowise for AI/LLM applications are at risk. SAMA-regulated financial institutions face compliance violations if customer data is compromised through this vulnerability. Government agencies under NCA oversight using Flowise for internal AI workflows could experience unauthorized access to sensitive systems. Telecom operators (STC, Mobily, Zain) and energy sector organizations leveraging Flowise for customer service automation are particularly vulnerable due to employee access from public networks and mobile connectivity.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare and Medical Services
Energy and Utilities
Telecommunications
Insurance
E-commerce and Retail
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Upgrade Flowise to version 3.1.0 or later immediately
2. Force password reset for all users after patching
3. Audit account access logs for suspicious login patterns since deployment
4. Restrict Flowise access to corporate VPN/secure networks only
PATCHING GUIDANCE:
- Deploy version 3.1.0+ across all Flowise instances
- Verify HTTPS enforcement on all endpoints via SSL/TLS certificate validation
- Test password reset functionality to confirm HTTPS transmission
COMPENSATING CONTROLS (if immediate patching delayed):
- Implement network segmentation to restrict Flowise access to trusted networks
- Deploy reverse proxy with mandatory HTTPS enforcement
- Use WAF rules to block HTTP password reset requests
- Implement certificate pinning for Flowise communications
DETECTION RULES:
- Monitor for HTTP traffic on port 80 to cloud.flowiseai.com
- Alert on password reset requests without TLS/SSL encryption
- Track failed login attempts following password reset requests
- Monitor for token reuse patterns indicating MITM interception
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. ترقية Flowise إلى الإصدار 3.1.0 أو أحدث فوراً
2. فرض إعادة تعيين كلمة المرور لجميع المستخدمين بعد التصحيح
3. تدقيق سجلات الوصول للحسابات للبحث عن أنماط تسجيل دخول مريبة
4. تقييد الوصول إلى Flowise على الشبكات الآمنة والشبكات الخاصة الافتراضية فقط
إرشادات التصحيح:
- نشر الإصدار 3.1.0 أو أحدث عبر جميع مثيلات Flowise
- التحقق من فرض HTTPS على جميع نقاط النهاية عبر التحقق من شهادة SSL/TLS
- اختبار وظيفة إعادة تعيين كلمة المرور للتأكد من نقل HTTPS
الضوابط البديلة (إذا تأخر التصحيح الفوري):
- تنفيذ تقسيم الشبكة لتقييد الوصول إلى Flowise على الشبكات الموثوقة
- نشر وكيل عكسي مع فرض HTTPS إلزامي
- استخدام قواعد جدار الحماية لحظر طلبات إعادة تعيين كلمة المرور عبر HTTP
- تنفيذ تثبيت الشهادة لاتصالات Flowise
قواعد الكشف:
- مراقبة حركة HTTP على المنفذ 80 إلى cloud.flowiseai.com
- تنبيهات على طلبات إعادة تعيين كلمة المرور بدون تشفير TLS/SSL
- تتبع محاولات تسجيل الدخول الفاشلة بعد طلبات إعادة تعيين كلمة المرور
- مراقبة أنماط إعادة استخدام الرموز التي تشير إلى اعتراض MITM
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.10.1.1 - Cryptographic controls for data in transit
ECC 2024 A.10.2.1 - Secure authentication mechanisms
ECC 2024 A.5.2.1 - User access management and password policies
ECC 2024 A.12.4.1 - Event logging and monitoring
🔵 SAMA CSF
SAMA CSF 1.1 - Information Security Governance
SAMA CSF 2.2 - Data Protection and Privacy
SAMA CSF 3.1 - Access Control and Authentication
SAMA CSF 4.2 - Incident Detection and Response
🟡 ISO 27001:2022
ISO 27001:2022 A.5.15 - Encryption and cryptography
ISO 27001:2022 A.5.16 - Management of cryptographic keys
ISO 27001:2022 A.8.3 - Authentication
ISO 27001:2022 A.8.2 - User access management
🟣 PCI DSS v4.0.1
PCI DSS 4.1 - Strong cryptography for data in transit
PCI DSS 6.5.10 - Broken authentication and session management
PCI DSS 8.2.3 - Strong authentication mechanisms
🔗 References & Sources 3
🔗
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-x5w6-38gp-mrqh
security-advisories@github.com
Exploit
Mitigation
Vendor Advisory
🔗
https://hackerone.com/reports/1888915
security-advisories@github.com
Exploit
Third Party Advisory
🔗
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-x5w6-38gp-mrqh
134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Mitigation
Vendor Advisory
📦 Affected Products / CPE 1 entries
flowiseai:flowise