CVE-2026-46440: Flowise: Basic Auth Credentials Exposed via API
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2.
Metrics
- CVSS v3.0: 7.5
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
An authentication-credential exposure vulnerability exists in the checkBasicAuth endpoint of Flowise, a drag-and-drop UI for building large language model workflows. The endpoint can be reached over the network without any prior authentication, but exploitation requires an attacker to engineer victim interaction and to overcome the high attack complexity recorded in the CVSS vector. Successful exploitation gives an attacker full confidentiality, integrity, and availability impact on the affected service, including the ability to steal, modify, or destroy LLM flow data. HarborGuard tracks this advisory and will make a patched-image rebuild available the moment a fix version is published upstream.
HarborGuard Coverage
- Available: Detection is available across every HarborGuard environment. The CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI pipelines, including custom-built images derived from the Flowise base. Any image running a Flowise version below 3.1.2 is flagged automatically.
- Available: HarborGuard scores this CVE at 7.5 HIGH using the published CVSS v3.0 vector and weights the finding against each customer environment's compliance policy to determine breach-of-threshold routing. Triage tickets are delivered to the inbox or ticketing integration configured for the affected workload's owner inside each customer org.
- Pending upstream: Because no fix version has been published upstream yet, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment a qualifying upstream release appears. Where compliance policy permits, customers with auto-remediation enabled will receive the rebuild, a regression-test run, and a PR opened against affected workloads without manual intervention.
Exploit Conditions
- Network reachability: Required
  The checkBasicAuth endpoint is exposed over the network, so an attacker must be able to reach the Flowise service via a standard HTTP connection.
- Authentication: Not required
  No credentials or prior account access are needed to reach the vulnerable endpoint and initiate an exploit attempt.
- Victim interaction: Required
  Exploitation requires a victim to take some action, such as following a crafted link or triggering a request, making a social-engineering step necessary.
- Attack complexity: High
  The CVSS vector rates complexity as High, meaning the attacker must account for specific environmental conditions or timing factors beyond simple request crafting.
Blast Radius
- Reads plaintext Basic Auth credentials submitted to the checkBasicAuth endpoint, allowing the attacker to harvest valid usernames and passwords.
- Modifies LLM flow configurations, injecting malicious prompts or altering workflow logic stored in the Flowise instance.
- Crashes or degrades the Flowise service, disrupting LLM-powered applications that depend on it.
- Leverages captured credentials to pivot into connected systems if the same credentials are reused elsewhere.
How HarborGuard Handles This
Available on HarborGuard: continuous monitoring of the Flowise advisory is active on every ingest cycle, so the moment a fix version is published upstream the platform will make a patched-image rebuild available without requiring manual intervention. For customers with auto-remediation enabled, that rebuild will be followed by an automated regression-test run and a PR opened against affected workloads. While no upstream patch exists, recommended compensating controls include placing the Flowise service behind a network policy that restricts inbound access to known IP ranges, enabling egress filtering to limit lateral movement if credentials are captured, and disabling or gating the checkBasicAuth endpoint via a feature flag or reverse-proxy rule if the application allows it.
Affected Products
- FlowiseAI / Flowise: < 3.1.2
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H