Low severity3.7NVD Advisory· Published May 6, 2026· Updated May 7, 2026

CVE-2026-8028

Description

A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit is now public and may be used. Upgrading the affected component is recommended.

Affected products

Flowiseai/Flowise
cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*
Range: <=3.0.12

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gist.github.com/YLChen-007/1d52497b0221835f99367be61612746bnvdExploitThird Party Advisory
vuldb.com/submit/777659nvdThird Party AdvisoryVDB Entry
vuldb.com/vuln/361276nvdThird Party AdvisoryVDB Entry
vuldb.com/vuln/361276/ctinvdPermissions RequiredVDB Entry

News mentions

We Scanned 1 Million Exposed AI Services. Here's How Bad the Security Actually Is
The Hacker News · May 5, 2026

cvss	0.240
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000