VYPR
← All advisories
High severity7.0NVD Advisory· Published May 14, 2026· Updated May 14, 2026

FlowiseAI Vulnerable to Credential Data Leak

CVE-2026-46443

Description

Severity: HIGH (CVSS ~7.5) Type: CWE-200 (Exposure of Sensitive Information) File: packages/server/src/services/credentials/index.ts:62-71

Description: When credentials are fetched with a credentialName filter parameter, the encryptedData field is NOT stripped from the response. The code properly omits encryptedData when NO filter is used (line 102) but fails to do so when a filter IS used (lines 62-63, 70-71). Credential Data Leak Evidence: ``typescript // Lines 62-63: WITH filter - encryptedData LEAKED const credentials = await appServer.AppDataSource.getRepository(Credential).findBy(searchOptions) dbResponse.push(...credentials) // encryptedData NOT removed! // Lines 100-102: WITHOUT filter - encryptedData properly omitted for (const credential of credentials) { dbResponse.push(omit(credential, ['encryptedData'])) // Correctly omitted } ``

Impact: Authenticated users can extract encrypted credential data (API keys, passwords, tokens for services like OpenAI, AWS, etc.). Combined with access to the encryption key file (~/.flowise/encryption.key written with default permissions), this enables full credential theft.

Reproduction: ``bash curl https://TARGET/api/v1/credentials?credentialName=openAIApi \ -H "Authorization: Bearer API_KEY" # Response includes encryptedData field with AES-encrypted credentials ``

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Flowise exposes encrypted credential data via API when using credentialName filter, allowing authenticated users to leak secrets.

Vulnerability

In Flowise versions prior to 3.1.2, the credentials endpoint (/api/v1/credentials) fails to omit the encryptedData field when the credentialName query parameter is supplied. The code at packages/server/src/services/credentials/index.ts lines 62–63 and 70–71 pushes credentials directly into the response without stripping encryptedData, while the no-filter path at line 102 correctly uses omit(credential, ['encryptedData']) [1][3][4].

Exploitation

An attacker with a valid API key (Bearer token) can send a GET request to https://TARGET/api/v1/credentials?credentialName=openAIApi and receive a JSON response that includes the encryptedData field containing AES-encrypted credential payloads [3][4].

Impact

Exposure of encrypted credential data—such as API keys, passwords, and tokens for services like OpenAI and AWS. If the attacker also gains access to the encryption key file (~/.flowise/encryption.key), which is written with default permissions, they can decrypt the credentials and achieve full theft of the underlying secrets [3][4].

Mitigation

The vulnerability is fixed in Flowise version 3.1.2 (released May 14, 2026) as part of PR #6042 [1][3][4]. Users should upgrade to this version or later. No official workaround is available; upgrading is the recommended course of action.

References
  1. Release flowise@3.1.2 · FlowiseAI/Flowise
  2. CVE-2026-46443 - GitHub Advisory Database
  3. Credential Data Leak

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.