Flowise - Cross-Workspace Information Disclosure via chatflows/apikey Endpoint

An attacker who possesses a valid API key for any workspace can call `/api/v1/chatflows/apikey/:apikey` without the `keyonly` query parameter [ref_id=1]. The endpoint returns not only the chatflows bound to that key but also all chatflows across every workspace that have no API key assigned, because the underlying query lacks a workspace filter [CWE-863]. The response includes the full `ChatFlow` entity, exposing `flowData` (system prompts, node configurations, custom code), `chatbotConfig`, `apiConfig`, and credential IDs in `textToSpeech`/`speechToText` fields [ref_id=1]. No authentication beyond the API key itself is required, and the endpoint is whitelisted.

The vulnerability resides in `packages/server/src/controllers/chatflows/index.ts:90-107` and `packages/server/src/services/chatflows/index.ts:223-245`. The `getChatflowByApiKey` service builds a query that, when the `keyonly` parameter is omitted, adds `OR` clauses (`cf.apikeyid IS NULL` or `cf.apikeyid = ''`) without any workspace filter, causing the endpoint to return unprotected chatflows from every workspace.

The advisory recommends adding workspace scoping to the `getChatflowByApiKey` query by passing the API key's workspace ID and filtering the `OR` clause so that unprotected chatflows are only returned when they belong to the same workspace as the API key [ref_id=1]. Specifically, the fix changes the `orWhere` condition to `(cf.apikeyid IS NULL OR cf.apikeyid = :empty) AND cf.workspaceId = :workspaceId`, which prevents cross-workspace leakage. The patch does not show the exact diff, but the advisory's recommended code snippet is the authoritative guidance.