How is CVE-2026-46443 exploited?

Network reachability (required): The Flowise API must be reachable over the network; an attacker sends the crafted credential-filter request from a remote host. Authentication (required): A low-privilege account is sufficient; the attacker must hold valid Flowise credentials to issue the filtered credential lookup request. Victim interaction (not-required): No victim action is needed; the attacker interacts directly with the API endpoint without requiring any other user to take action. Attack complexity (info): Exploitation involves environmental factors that raise complexity; the attacker must identify and craft the correct credentialName filter parameter value, and success is not guaranteed on every attempt.

What is the impact of CVE-2026-46443?

The attacker reads the encryptedData field for any credential matching the supplied filter, recovering encrypted secrets such as API keys, service account tokens, or third-party integration passwords stored in Flowise. Compromised credentials can be used to authenticate to downstream services connected to Flowise flows, extending the attacker's reach beyond the Flowise instance itself. No integrity or availability impact is introduced directly; data in Flowise is not modified or destroyed by this exploit path.

Back to search

HIGHCVE-2026-46443Published 2026-06-08Modified 2026-06-09CNA GitHub_M

CVE-2026-46443: Flowise: Credential Data Leak

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is used but fails to do so when a filter is used. This issue has been patched in version 3.1.2.

CVSS v4.0: 7.0
Severity: HIGH
Fixed in: —
Affected Products: 1

HarborGuard Analysis

Synopsis

An authentication-required credential data leak affects Flowise, an open-source drag-and-drop interface for building large language model workflows. An attacker with a low-privilege account can send a filtered credential lookup request that causes the API to return the raw encryptedData field, which is correctly stripped only in the unfiltered code path. Successful exploitation gives the attacker access to encrypted credential material for any credential matching the filter, which can be used to recover secrets stored in Flowise. HarborGuard tracks this advisory and will make a patched-image rebuild available the moment an upstream fix version is published.

HarborGuard Coverage

Detection

Detection capability for CVE-2026-46443 is available across every HarborGuard environment; the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI pipelines, including custom-built Flowise images.

Available

Triage

HarborGuard scores this CVE at 7.0 HIGH using the CVSS v4.0 vector and is capable of applying per-environment compliance policy weighting before routing the finding to the appropriate team inbox inside each customer organization.

Available

Patch

No upstream fix version has been published for CVE-2026-46443 yet; HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment an upstream release is confirmed. For customers with auto-remediation enabled, that rebuild will trigger a regression run and open a PR against affected workloads without manual intervention.

Pending upstream

Exploit Conditions

Network reachabilityRequired
The Flowise API must be reachable over the network; an attacker sends the crafted credential-filter request from a remote host.
AuthenticationRequired
A low-privilege account is sufficient; the attacker must hold valid Flowise credentials to issue the filtered credential lookup request.
Victim interactionNot required
No victim action is needed; the attacker interacts directly with the API endpoint without requiring any other user to take action.
Attack complexityDetail
Exploitation involves environmental factors that raise complexity; the attacker must identify and craft the correct credentialName filter parameter value, and success is not guaranteed on every attempt.

Blast Radius

The attacker reads the encryptedData field for any credential matching the supplied filter, recovering encrypted secrets such as API keys, service account tokens, or third-party integration passwords stored in Flowise.
Compromised credentials can be used to authenticate to downstream services connected to Flowise flows, extending the attacker's reach beyond the Flowise instance itself.
No integrity or availability impact is introduced directly; data in Flowise is not modified or destroyed by this exploit path.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix version for CVE-2026-46443 has been published, HarborGuard monitors the advisory on every ingest cycle and will surface a patched-image rebuild the moment FlowiseAI ships a confirmed fix release. In the interim, customers are advised to apply compensating controls: restrict network access to the Flowise API to trusted internal networks or VPN segments via Kubernetes NetworkPolicy or equivalent firewall rules; audit which accounts hold Flowise credentials and reduce the set of low-privilege users who can issue credential lookup requests; and consider rotating any secrets stored in Flowise credentials as a precaution. For customers with auto-remediation enabled, once an upstream fix is confirmed, HarborGuard will trigger a rebuild, run regression tests, and open a PR against affected workloads automatically.

See how HarborGuard automates this

Affected packages

FlowiseAI / Flowise
< 3.1.2

CVSS Vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

References

Metrics

Get notified