A vulnerability, which was classified as problematic, was found in Flowise up to 3.0.x. Affected by this issue is some unknown functionality of the file packages/server/src/enterprise/middleware/passport/index.ts of the component Enterprise Passport Authentication Middleware. The manipulation of the argument JWT_AUTH_TOKEN_SECRET/JWT_REFRESH_TOKEN_SECRET results in inadequate encryption strength.
This vulnerability is reported as CVE-2026-56271. The attack can be launched remotely. No exploit exists.