Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-41273

CVE-2026-41273: Flowise Authentication Bypass Vulnerability

CVE-2026-41273 is an authentication bypass flaw in Flowise that allows attackers to obtain OAuth 2.0 access tokens without authentication. This article covers the technical details, affected versions, impact, and mitigation.

Published:

CVE-2026-41273 Overview

CVE-2026-41273 is an authentication bypass vulnerability in Flowise, a drag-and-drop user interface for building customized large language model (LLM) workflows. Prior to version 3.1.0, the application exposes a critical security flaw that allows unauthenticated attackers to obtain OAuth 2.0 access tokens associated with public chatflows.

By accessing a public chatflow configuration endpoint, an attacker can retrieve internal workflow data, including OAuth credential identifiers. These identifiers can then be exploited to refresh and obtain valid OAuth 2.0 access tokens without requiring any authentication. This vulnerability effectively bypasses authentication controls and grants unauthorized access to protected OAuth resources.

Critical Impact

Unauthenticated attackers can steal OAuth 2.0 access tokens, potentially gaining unauthorized access to integrated third-party services and sensitive data connected to Flowise workflows.

Affected Products

  • Flowise versions prior to 3.1.0
  • Flowise instances with public chatflows configured with OAuth integrations
  • Systems utilizing Flowise OAuth credential storage mechanisms

Discovery Timeline

  • 2026-04-23 - CVE CVE-2026-41273 published to NVD
  • 2026-04-23 - Last updated in NVD database

Technical Details for CVE-2026-41273

Vulnerability Analysis

This vulnerability is classified under CWE-306 (Missing Authentication for Critical Function). The root issue lies in Flowise's handling of public chatflow configurations, where sensitive OAuth credential information is exposed through an endpoint that lacks proper authentication controls.

When a chatflow is marked as public, the configuration endpoint returns internal workflow data that includes OAuth credential identifiers. These identifiers are sufficient for an attacker to invoke token refresh operations, effectively generating new valid OAuth 2.0 access tokens. The attack is network-based and requires no prior authentication or user interaction, making it particularly dangerous for internet-facing Flowise deployments.

The downstream impact extends beyond the Flowise application itself. Since OAuth tokens may grant access to external services such as cloud platforms, APIs, or enterprise systems, successful exploitation could lead to lateral movement and data breaches across connected infrastructure.

Root Cause

The vulnerability stems from missing authentication enforcement on the public chatflow configuration endpoint. When Flowise serves chatflow configuration data for public-facing chatbots, it inadvertently includes internal OAuth credential identifiers in the response. The application fails to distinguish between public-safe chatflow metadata and sensitive credential information that should remain protected.

Additionally, the OAuth token refresh mechanism does not validate whether the requesting entity is authorized to use the stored credentials, allowing any party with knowledge of the credential identifiers to generate valid access tokens.

Attack Vector

An attacker exploits this vulnerability through a straightforward network-based attack:

  1. Discovery: The attacker identifies a Flowise instance with public chatflows enabled
  2. Configuration Retrieval: By accessing the public chatflow configuration endpoint, the attacker retrieves internal workflow data
  3. Credential Extraction: OAuth credential identifiers are extracted from the configuration response
  4. Token Theft: Using the extracted credential identifiers, the attacker calls the token refresh functionality to obtain valid OAuth 2.0 access tokens
  5. Unauthorized Access: The stolen tokens grant access to whatever external services were configured in the Flowise workflow

The attack requires no authentication and can be performed remotely over the network. For detailed technical information, see the GitHub Security Advisory.

Detection Methods for CVE-2026-41273

Indicators of Compromise

  • Unexpected access to public chatflow configuration endpoints from external or unknown IP addresses
  • Unusual OAuth token refresh requests, particularly from IP addresses not associated with legitimate users
  • Access logs showing enumeration patterns against chatflow API endpoints
  • Anomalous authentication events in connected third-party services using OAuth tokens issued through Flowise

Detection Strategies

  • Monitor web server and application logs for requests to chatflow configuration endpoints from unauthenticated sources
  • Implement alerting on OAuth token refresh operations that lack proper session context
  • Review access patterns to identify bulk retrieval of chatflow configurations
  • Correlate Flowise access logs with authentication logs from integrated OAuth providers

Monitoring Recommendations

  • Enable verbose logging on all Flowise API endpoints, particularly those serving chatflow configurations
  • Set up alerts for multiple failed or unusual OAuth operations within short time windows
  • Monitor for unauthorized access attempts to external services that may indicate stolen OAuth tokens
  • Regularly audit public chatflow configurations to ensure no sensitive OAuth integrations are exposed

How to Mitigate CVE-2026-41273

Immediate Actions Required

  • Upgrade Flowise to version 3.1.0 or later immediately
  • Review all public chatflows and temporarily disable any that include OAuth integrations until patched
  • Rotate OAuth credentials and tokens for any integrations that may have been exposed
  • Audit access logs for signs of exploitation prior to patching

Patch Information

This vulnerability is fixed in Flowise version 3.1.0. Organizations should upgrade to this version or later to remediate the authentication bypass. The fix ensures that OAuth credential identifiers are no longer exposed through public chatflow configuration endpoints and implements proper authentication checks on sensitive operations.

For additional details, refer to the GitHub Security Advisory.

Workarounds

  • Disable public chatflow functionality until the patch can be applied
  • Place Flowise behind a reverse proxy with authentication requirements for all endpoints
  • Remove OAuth integrations from any chatflows that must remain public
  • Implement network-level access controls to restrict access to Flowise configuration endpoints
  • Use a Web Application Firewall (WAF) to block unauthorized access to sensitive API paths
bash
# Example: Restrict access to Flowise configuration endpoints via nginx
# Add to nginx configuration for Flowise reverse proxy

location ~ ^/api/v1/public-chatflows/.*/config {
    # Deny external access to configuration endpoints
    deny all;
    # Or restrict to specific trusted IPs
    # allow 10.0.0.0/8;
    # deny all;
}

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.