CVE-2026-41276: Authentication Bypass in Flowise Low-Code LLM Platform
A critical authentication bypass vulnerability in Flowise, a popular low-code platform for building LLM applications, allows unauthenticated remote attackers to compromise systems via a flawed password reset mechanism.

A critical authentication bypass vulnerability has been disclosed in Flowise, a widely used low-code platform for building large language model (LLM) applications. Tracked as CVE-2026-41276 and published by the Zero Day Initiative (ZDI-26-300), the flaw exists in the resetPassword method of the AccountService class, where improper implementation of the password reset mechanism allows remote attackers to bypass authentication entirely without needing any credentials.
The vulnerability carries a CVSS score of 8.1, with the vector AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating high confidentiality, integrity, and availability impact. Although the attack complexity is rated high, the fact that no authentication or user interaction is required makes it particularly dangerous for internet-facing Flowise instances. An attacker who successfully exploits this flaw can gain full administrative access to the platform, potentially exfiltrating sensitive LLM prompts, model configurations, and API keys.
Flowise is an open-source, low-code tool that enables developers and non-technical users to visually build LLM-powered applications, chatbots, and agents. It has gained significant traction in the AI development community, with thousands of deployments on GitHub and commercial use in enterprise environments. The vulnerability affects all versions prior to the commit that fixes the issue, and given the platform's role in handling potentially sensitive AI workflows, the impact of a compromise could be severe.
The flaw was discovered and reported by researcher Nicholas Zubrisky of TrendAI Research, who responsibly disclosed it to the vendor on February 19, 2026. Flowise has since released a fix in commit 6c78e1c36f4cf08874b9b7a444d61ab63441d78a, which is available in the project's GitHub repository. Users are strongly advised to update their Flowise installations immediately to the latest patched version.
This vulnerability highlights a growing security concern around low-code and no-code AI development platforms. As organizations rapidly adopt tools like Flowise to build LLM applications, the security of the underlying platforms becomes critical. Authentication bypass flaws in such systems can provide attackers with a direct path to compromise AI pipelines, steal proprietary models, or inject malicious prompts. The disclosure by ZDI and the coordinated patch release underscore the importance of proactive vulnerability management in the AI supply chain.
Administrators should verify that their Flowise deployments are running a version that includes the fix from commit 6c78e1c36f4cf08874b9b7a444d61ab63441d78a. Additionally, network segmentation and access controls should be applied so that the Flowise management interface is not exposed to the internet. The advisory also notes that the coordinated disclosure process gave the vendor time to develop and release a patch before public details emerged.
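The advisory does not describe the specific defect in resetPassword. As an added illustration that is not Flowise's code, the TypeScript below shows the checks a password reset endpoint should enforce so that possession of a reset link never becomes an unauthenticated login: a random token, hashed at rest, bound to one account, time-limited, and single-use. The in-memory store, the function names and the 15-minute lifetime are assumptions.

```typescript
import { createHash, randomBytes, timingSafeEqual } from "node:crypto";

// Constructed in-memory store standing in for a database table (assumption, not Flowise's schema).
interface ResetRecord { userId: string; expiresAt: number; used: boolean; }
const resetStore = new Map<string, ResetRecord>(); // keyed by SHA-256 of the token

function sha256Hex(s: string): string {
  return createHash("sha256").update(s).digest("hex");
}

// Constant-time string comparison; both inputs are hashed first so lengths always match.
function sameString(a: string, b: string): boolean {
  return timingSafeEqual(Buffer.from(sha256Hex(a)), Buffer.from(sha256Hex(b)));
}

// Issue a reset token: 32 random bytes; only its hash is stored, with a short lifetime.
function issueResetToken(userId: string, now: number, ttlMs = 15 * 60_000): string {
  const token = randomBytes(32).toString("hex");
  resetStore.set(sha256Hex(token), { userId, expiresAt: now + ttlMs, used: false });
  return token; // the plaintext token goes only into the e-mailed link
}

// Verify and consume a token. The caller-supplied user id must match the account the
// token was issued for, so a token can never be redirected at a different account.
function consumeResetToken(token: string, claimedUserId: string, now: number): { ok: boolean; reason?: string } {
  const rec = resetStore.get(sha256Hex(token)); // lookup by hash, never by raw token
  if (!rec) return { ok: false, reason: "unknown token" };
  if (rec.used) return { ok: false, reason: "token already used" };
  if (now > rec.expiresAt) return { ok: false, reason: "token expired" };
  if (!sameString(rec.userId, claimedUserId)) return { ok: false, reason: "user mismatch" };
  rec.used = true; // single use: the new password may be set exactly once per token
  return { ok: true };
}
```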