Low severity3.7NVD Advisory· Published May 6, 2026· Updated May 7, 2026
CVE-2026-8026
CVE-2026-8026
Description
A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is told to be difficult. You should upgrade the affected component.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
flowisenpm | <= 3.0.12 | — |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- gist.github.com/YLChen-007/50a553f09aa1c7c04ce18cec13986a91nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-8f47-4rh3-x44mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-8026ghsaADVISORY
- vuldb.com/submit/777656nvdThird Party AdvisoryVDB EntryWEB
- vuldb.com/vuln/361273nvdThird Party AdvisoryVDB EntryWEB
- vuldb.com/vuln/361273/ctinvdPermissions RequiredVDB EntryWEB
News mentions
1- We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually IsThe Hacker News · May 5, 2026