CVE-2026-30824 Overview
Flowise, a drag-and-drop user interface for building customized large language model (LLM) flows, contains an authentication bypass vulnerability in versions prior to 3.0.13. The NVIDIA NIM router (/api/v1/nvidia-nim/*) is improperly whitelisted in the global authentication middleware, allowing unauthenticated attackers to access privileged container management and token generation endpoints. This missing authentication for critical functions (CWE-306) enables remote attackers to interact with sensitive API endpoints without providing valid credentials.
Critical Impact
Unauthenticated attackers can access privileged container management and token generation endpoints, potentially leading to unauthorized control over LLM infrastructure and credential theft.
Affected Products
- Flowise versions prior to 3.0.13
- FlowiseAI Flowise (all installations using NVIDIA NIM integration)
- Self-hosted Flowise deployments with default authentication configurations
Discovery Timeline
- 2026-03-07 - CVE CVE-2026-30824 published to NVD
- 2026-03-11 - Last updated in NVD database
Technical Details for CVE-2026-30824
Vulnerability Analysis
This vulnerability stems from an overly permissive whitelist configuration in Flowise's global authentication middleware. The NVIDIA NIM router path (/api/v1/nvidia-nim/*) was added to the authentication bypass whitelist, likely intended for specific integration purposes but inadvertently exposing critical functionality to unauthenticated users.
The affected endpoints include container management capabilities and token generation functions. When exploited, an attacker can interact with these privileged APIs without any authentication, effectively bypassing the intended security controls entirely. This type of authentication bypass is particularly dangerous in LLM orchestration platforms like Flowise, as it can grant attackers access to sensitive AI infrastructure, model configurations, and potentially allow them to generate tokens for further unauthorized access.
Root Cause
The root cause is improper access control implementation where the NVIDIA NIM API routes were incorrectly added to the global authentication whitelist. This design flaw allows the routes matching /api/v1/nvidia-nim/* to bypass authentication checks that are enforced on other protected endpoints. The middleware configuration failed to properly scope which endpoints should remain unauthenticated, resulting in privileged functionality being exposed without credential requirements.
Attack Vector
The vulnerability is exploitable over the network without requiring any authentication or user interaction. An attacker simply needs network access to a vulnerable Flowise instance to exploit this vulnerability. The attack involves sending HTTP requests directly to the whitelisted NVIDIA NIM router endpoints.
The exploitation path typically involves:
- Identifying a Flowise instance exposed to the network
- Sending unauthenticated requests to /api/v1/nvidia-nim/ endpoints
- Accessing container management functions or generating tokens
- Leveraging obtained access for further compromise of the LLM infrastructure
For technical details on the vulnerability mechanics, refer to the GitHub Security Advisory.
Detection Methods for CVE-2026-30824
Indicators of Compromise
- Unexpected HTTP requests to /api/v1/nvidia-nim/* endpoints from untrusted IP addresses
- Authentication logs showing successful API calls without corresponding authentication events
- Unusual token generation activity or container management operations in application logs
- Network traffic patterns indicating enumeration or brute-force attempts against NIM endpoints
Detection Strategies
- Monitor web server access logs for requests to /api/v1/nvidia-nim/* paths, especially from external sources
- Implement alerting for API calls to NVIDIA NIM endpoints that lack authentication headers
- Deploy network intrusion detection rules to flag unauthenticated access attempts to Flowise APIs
- Audit application logs for container management operations that lack associated user sessions
Monitoring Recommendations
- Enable verbose logging on Flowise instances to capture all API requests with full request details
- Configure SIEM rules to correlate authentication failures with subsequent successful API access
- Set up real-time alerts for any access to NVIDIA NIM endpoints from non-whitelisted IP ranges
- Review access patterns regularly to identify anomalous behavior targeting the affected routes
How to Mitigate CVE-2026-30824
Immediate Actions Required
- Upgrade Flowise to version 3.0.13 or later immediately
- If immediate upgrade is not possible, implement network-level restrictions to block access to /api/v1/nvidia-nim/* endpoints
- Review access logs for any evidence of prior exploitation
- Rotate any tokens that may have been generated through the vulnerable endpoints
Patch Information
FlowiseAI has addressed this vulnerability in version 3.0.13. The patch properly removes the NVIDIA NIM router from the authentication whitelist, ensuring all requests to these endpoints require valid authentication. Users should upgrade to this version or later to remediate the vulnerability. For detailed release information, see the Flowise 3.0.13 Release Notes.
Workarounds
- Deploy a reverse proxy or web application firewall (WAF) to block unauthenticated requests to /api/v1/nvidia-nim/*
- Implement network segmentation to restrict access to Flowise instances from trusted networks only
- Use firewall rules to limit inbound connections to Flowise to authorized IP addresses
- Disable NVIDIA NIM integration if not actively required until the patch can be applied
# Example nginx configuration to block unauthenticated access
location /api/v1/nvidia-nim/ {
# Require authentication or restrict access
deny all;
# Or limit to specific trusted IPs
# allow 10.0.0.0/8;
# deny all;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
