Vulnerabilities ›

CVE-2026-41279

High ⚡ Exploit Available

CWE-639 — Weakness Type

                    Published: Apr 23, 2026                      ·  Modified: Apr 30, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId directly in the request body. When called without a chatflowId, the endpoint uses the provided credentialId to decrypt the stored credential (e.g., OpenAI or ElevenLabs API key) and generate speech. This vulnerability is fixed in 3.1.0.

🤖 AI Executive Summary

Flowise versions prior to 3.1.0 contain an authentication bypass vulnerability in the text-to-speech endpoint that allows unauthenticated attackers to extract encrypted API credentials (OpenAI, ElevenLabs, etc.) by directly specifying a credentialId. This critical flaw enables unauthorized access to third-party AI services and potential credential theft without authentication. The vulnerability is actively exploitable and affects all organizations using Flowise for LLM workflows.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 2, 2026 03:19

🇸🇦 Saudi Arabia Impact Assessment

Saudi organizations leveraging Flowise for AI-powered customer service, chatbots, and LLM applications face critical risk of API credential exposure. Most impacted sectors: Banking (SAMA-regulated institutions using AI for customer interactions), Government (digital transformation initiatives), Telecommunications (STC, Mobily using AI chatbots), Healthcare (MOHSR-regulated entities), and Energy (ARAMCO subsidiaries). Attackers can extract OpenAI, ElevenLabs, and other API keys to conduct unauthorized transactions, generate fraudulent content, or pivot to backend systems. Financial impact includes unauthorized API usage charges and potential regulatory violations under SAMA cybersecurity requirements.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Telecommunications Healthcare Energy and Utilities E-commerce and Retail Insurance Education

🎯 MITRE ATT&CK Techniques

T1110 - Brute Force: Credential enumeration via credentialId parameter T1555 - Credentials from Password Stores: API credential extraction from Flowise storage T1589 - Gather Victim Identity Information: Credential harvesting T1526 - Cloud Service Discovery: Enumeration of stored API credentials T1078 - Valid Accounts: Use of stolen API credentials for unauthorized access T1199 - Trusted Relationship: Exploitation of third-party API integrations

⚖️ Saudi Risk Score (AI)

8.7

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Upgrade Flowise to version 3.1.0 or later immediately

2. Audit all API credentials stored in Flowise instances (OpenAI, ElevenLabs, etc.) and rotate them immediately

3. Review access logs for POST /api/v1/text-to-speech/generate requests without chatflowId parameter

4. Disable or restrict network access to Flowise instances until patched



PATCHING GUIDANCE:

- Deploy version 3.1.0+ across all Flowise deployments

- Test in staging environment before production rollout

- Verify authentication is enforced on text-to-speech endpoint post-patch



COMPENSATING CONTROLS (if immediate patching delayed):

- Implement WAF rules to block POST /api/v1/text-to-speech/generate requests containing credentialId parameter

- Restrict Flowise network access to authorized internal networks only

- Implement API rate limiting on text-to-speech endpoint

- Monitor for suspicious credentialId patterns in request logs



DETECTION RULES:

- Alert on POST /api/v1/text-to-speech/generate without chatflowId parameter

- Monitor for repeated requests with different credentialId values

- Track API key usage spikes in OpenAI/ElevenLabs accounts post-compromise

- Log all unauthenticated requests to /api/v1/text-to-speech/generate endpoint

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. ترقية Flowise إلى الإصدار 3.1.0 أو أحدث على الفور

2. تدقيق جميع بيانات اعتماد API المخزنة في مثيلات Flowise (OpenAI و ElevenLabs وغيرها) وتدويرها على الفور

3. مراجعة سجلات الوصول لطلبات POST /api/v1/text-to-speech/generate بدون معامل chatflowId

4. تعطيل أو تقييد الوصول إلى شبكة مثيلات Flowise حتى يتم تطبيق الرقعة



إرشادات التصحيح:

- نشر الإصدار 3.1.0+ عبر جميع نشرات Flowise

- الاختبار في بيئة التدريج قبل نشر الإنتاج

- التحقق من فرض المصادقة على نقطة نهاية تحويل النص إلى كلام بعد التصحيح



الضوابط البديلة (إذا تأخر التصحيح الفوري):

- تنفيذ قواعد WAF لحظر طلبات POST /api/v1/text-to-speech/generate التي تحتوي على معامل credentialId

- تقييد الوصول إلى شبكة Flowise للشبكات الداخلية المصرح بها فقط

- تنفيذ تحديد معدل API على نقطة نهاية تحويل النص إلى كلام

- مراقبة أنماط credentialId المريبة في سجلات الطلب



قواعد الكشف:

- تنبيه على POST /api/v1/text-to-speech/generate بدون معامل chatflowId

- مراقبة الطلبات المتكررة بقيم credentialId مختلفة

- تتبع ارتفاع استخدام مفاتيح API في حسابات OpenAI/ElevenLabs بعد الاختراق

- تسجيل جميع الطلبات غير المصرح بها إلى نقطة نهاية /api/v1/text-to-speech/generate

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.6.1.1 - Access Control: Authentication mechanisms not enforced on API endpoints ECC 2024 A.6.2.1 - User Access Management: Credential exposure without authorization ECC 2024 A.8.2.1 - Cryptography: Improper credential decryption without authentication ECC 2024 A.12.4.1 - Logging and Monitoring: Insufficient audit trails for API access

🔵 SAMA CSF

SAMA CSF ID.AM-2: Asset Management - Uncontrolled API credential exposure SAMA CSF PR.AC-1: Access Control - Authentication bypass on critical endpoints SAMA CSF PR.DS-1: Data Security - Encryption rendered ineffective without access controls SAMA CSF DE.AE-1: Anomalies and Events - Lack of detection for unauthorized credential access

🟡 ISO 27001:2022

ISO 27001:2022 A.5.15 - Access Control: Authentication not enforced ISO 27001:2022 A.8.3 - Cryptography: Credential decryption without proper authorization ISO 27001:2022 A.8.1 - User Endpoint Devices: API key exposure ISO 27001:2022 A.12.4.1 - Event Logging: Insufficient logging of unauthorized access attempts

🟣 PCI DSS v4.0.1

PCI DSS 2.1 - Default credentials and security parameters must be changed PCI DSS 6.5.10 - Broken authentication and session management PCI DSS 7.1 - Access to cardholder data must be restricted by business need PCI DSS 10.2 - User access to cardholder data must be logged and monitored

🔗 References & Sources 1

🔗

https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-5fw2-mwhh-9947

security-advisories@github.com

Exploit Vendor Advisory

📦 Affected Products / CPE 1 entries

flowiseai:flowise

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-639

EPSS0.05%

Exploit ✓ Yes

Patch ✗ No

Published 2026-04-23

Source Feed nvd

🇸🇦 Saudi Risk Score

8.7

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

exploit-available CWE-639

🏢 Vendor Advisories

🔗 https://github.com/FlowiseAI/Flowise/security/adviso...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-41279

💬 Comments

Introduce Yourself

Sign In Required