Flowise

[email protected] scope: flowise Security

This release includes 6 security fixes for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 6 known CVEs

Topics

agentic-ai agentic-workflow agents artificial-intelligence llm chatgpt javascript langchain large-language-models low-code multiagent-systems no-code openai react typescript workflow-automation

Summary

AI summary

Security fixes for CORS wildcard, credential leaks, mass assignment, and IDOR vulnerabilities.

Security Fixes

  • Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential abuse
  • Credential data leak vulnerability
  • Multiple mass assignment vulnerabilities across Tools, Variables, Chatflow, Assistant, Dataset, and Custom Template endpoints
  • IDOR Takeover in PUT /api/v1/user
  • IDOR in Evaluators and Evaluations Endpoints
  • Cross-workspace Chatflow disclosure vulnerability

About Flowise

Build AI Agents, Visually
