Flowise Cloud Vulnerability Exposes Multi-Tenant Environments

/HIGH /CVSS 8.1/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitycwe-639cwe-915
Flowise Cloud Vulnerability Exposes Multi-Tenant Environments

The National Vulnerability Database has identified a critical vulnerability (CVE-2026-41267) in Flowise Cloud, impacting versions prior to 3.1.0. This flaw allows unauthenticated attackers to inject server-managed fields during account registration. The exploit enables manipulation of ownership, timestamps, and role mappings, directly compromising trust boundaries in multi-tenant setups.

This improper mass assignment vulnerability, rated High (CVSS 8.1), is a serious concern for organizations leveraging Flowise for LLM workflow management. The ability for an attacker to inject arbitrary data into ownership and role structures can lead to account takeovers or privilege escalation within the Flowise Cloud environment.

What This Means For You

  • If your organization uses Flowise Cloud, immediately verify that you are running version 3.1.0 or later. If not, patch or upgrade your instance without delay to mitigate the risk of unauthorized data manipulation and potential account compromise.
🛡️ Am I exposed to this? Get detection rules for CVE-2026-41267 — Splunk, Sentinel, Elastic, QRadar & more

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1505.003 Server Software Component Initial Access

🛡️ Detection Rules

2 rules · 6 SIEM formats

2 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

high T1190 Initial Access

CVE-2026-41267 - Flowise Cloud Account Registration JSON Injection

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-41267 Auth Bypass Flowise Cloud account registration endpoint
CVE-2026-41267 Misconfiguration Flowise Cloud versions prior to 3.1.0
CVE-2026-41267 Information Disclosure Improper mass assignment (JSON injection) in Flowise Cloud

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 23, 2026 at 23:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related Posts

CVE-2026-6732 — Libxml2 Denial of Service

CVE-2026-6732 — A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that...

vulnerabilityCVEmedium-severitydenial-of-servicecwe-843
/SCW Vulnerability Desk /MEDIUM /6.5 /⚑ 2 IOCs /⚙ 2 Sigma

OpenShell Mirror Mode Allows Arbitrary Code Execution

CVE-2026-41355 — OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror...

vulnerabilityCVEhigh-severitycode-executioncwe-829
/SCW Vulnerability Desk /HIGH /7.3 /⚑ 4 IOCs /⚙ 3 Sigma

OpenClaw: High-Severity Access Control Bypass Looms

CVE-2026-41353 — OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile...

vulnerabilityCVEhigh-severitycwe-472
/SCW Vulnerability Desk /HIGH /8.1 /⚑ 4 IOCs /⚙ 2 Sigma