CVE-2026-56277 Overview
CVE-2026-56277 affects Flowise versions before 3.1.2. The vulnerability resides in the text-to-speech (TTS) generation endpoint at packages/server/src/controllers/text-to-speech/index.ts. This controller hardcodes the Access-Control-Allow-Origin header to a wildcard (*), bypassing the restrictive default CORS policy returned by getCorsOptions(). Any external webpage can trigger cross-origin requests to the TTS endpoint using the victim's stored credentials. This enables drive-by cross-origin credential abuse against authenticated Flowise users. The issue is tracked under [CWE-346: Origin Validation Error].
Critical Impact
Attackers can invoke authenticated TTS generation from arbitrary origins, consuming API credits and abusing stored third-party credentials.
Affected Products
- Flowise versions prior to 3.1.2
- Flowise TTS controller at packages/server/src/controllers/text-to-speech/index.ts
- Deployments relying on getCorsOptions() for cross-origin protection
Discovery Timeline
- 2026-06-30 - CVE-2026-56277 published to NVD
- 2026-07-01 - Last updated in NVD database
Technical Details for CVE-2026-56277
Vulnerability Analysis
Flowise is an open-source low-code platform for building large language model (LLM) applications. The server enforces a default CORS policy through the getCorsOptions() helper, which restricts cross-origin browser access to configured origins. The TTS controller overrides this policy by setting Access-Control-Allow-Origin: * directly on responses. This override applies regardless of the operator-configured allowlist.
The hardcoded wildcard permits any origin to issue authenticated cross-origin requests to the TTS route. Because browsers attach cookies and session credentials on same-site requests, an attacker-controlled page loaded by a signed-in user can invoke TTS generation. This action consumes provider-side quota tied to stored API keys for services such as OpenAI or ElevenLabs.
Root Cause
The root cause is a policy conflict inside the TTS controller. The route handler emits a static Access-Control-Allow-Origin: * header instead of deferring to the centralized CORS middleware. This constitutes an origin validation failure classified as [CWE-346].
Attack Vector
Exploitation requires a Flowise user to be authenticated to a vulnerable instance and to visit an attacker-controlled webpage. The malicious page issues a cross-origin fetch or XHR request to the TTS endpoint. The browser accepts the wildcard response header and delivers the response to attacker JavaScript. Stored provider credentials on the Flowise server are used to generate audio, leading to credit exhaustion and unauthorized use.
No verified public exploit code has been published. The vulnerability mechanism is documented in the GitHub Security Advisory GHSA-m837-xvxr-vqwg and the VulnCheck Advisory on Flowise.
Detection Methods for CVE-2026-56277
Indicators of Compromise
- HTTP responses from the Flowise TTS endpoint containing Access-Control-Allow-Origin: * regardless of the request Origin header.
- Unexpected spikes in TTS provider (OpenAI, ElevenLabs) usage or billing without a matching increase in application activity.
- TTS requests bearing Origin headers that do not match the operator's configured Flowise front-end domains.
Detection Strategies
- Inspect reverse proxy or web application firewall logs for POST requests to Flowise TTS routes with foreign Origin values.
- Compare CORS headers returned by TTS routes against headers returned by other Flowise API routes to identify the wildcard override.
- Correlate provider-side API key usage records with Flowise application access logs to identify off-hours or anomalous invocation patterns.
Monitoring Recommendations
- Enable structured HTTP access logging that captures request Origin, Referer, and response CORS headers for the TTS endpoint.
- Alert on authenticated session activity originating from unfamiliar referrers or browser fingerprints.
- Track TTS provider quota consumption with per-hour thresholds tied to expected user counts.
How to Mitigate CVE-2026-56277
Immediate Actions Required
- Upgrade Flowise to version 3.1.2 or later, which removes the hardcoded wildcard from the TTS controller.
- Rotate any provider API keys (OpenAI, ElevenLabs, and others) that were configured on affected Flowise instances.
- Restrict inbound network access to Flowise administrative and API routes using a reverse proxy or firewall.
Patch Information
The fix is delivered in Flowise 3.1.2. The TTS controller at packages/server/src/controllers/text-to-speech/index.ts no longer sets a hardcoded Access-Control-Allow-Origin: * header and now honors the centralized getCorsOptions() policy. Refer to the GitHub Security Advisory GHSA-m837-xvxr-vqwg for full remediation details.
Workarounds
- Place Flowise behind a reverse proxy that strips or overwrites the Access-Control-Allow-Origin header on TTS responses.
- Require authenticated users to access Flowise only through isolated browser profiles that do not visit untrusted sites.
- Disable or remove stored TTS provider credentials until the patched version is deployed.
# NGINX reverse proxy example: enforce a strict CORS origin on TTS responses
location /api/v1/text-to-speech/ {
proxy_pass http://flowise_upstream;
proxy_hide_header Access-Control-Allow-Origin;
add_header Access-Control-Allow-Origin "https://flowise.example.com" always;
add_header Vary "Origin" always;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

