CVE-2026-41278 | FlowiseAI Flowise up to 3.0.x :id sanitizeFlowDataForPublicEndpoint information disclosure (GHSA-w47f-j8rh-wx87)

Inserito da Angelo Barbosa | Apr 23, 2026 | CVE

A vulnerability identified as problematic has been detected in FlowiseAI Flowise up to 3.0.x. Impacted is the function sanitizeFlowDataForPublicEndpoint of the file /api/v1/public-chatflows/:id. This manipulation causes information disclosure.

This vulnerability is handled as CVE-2026-41278. The attack can be initiated remotely. There is not any exploit available.

You should upgrade the affected component.

CVE-2026-41278 | FlowiseAI Flowise up to 3.0.x :id sanitizeFlowDataForPublicEndpoint information disclosure (GHSA-w47f-j8rh-wx87)

Post correlati

CVE-2024-44945 | Linux Kernel up to 6.10.6 nfnetlink Privilege Escalation (3e03b536d945/d1a7b382a9d3)

CVE-2025-0420 | Paraşüt up to 20250204 cross site scripting

CVE-2024-12187 | 1000 Projects Library Management System 1.0 /showbook.php q sql injection

CVE-2024-9608 | MyParcel Plugin up to 4.24.1 on WordPress cross site scripting