CVE-2026-42861 | FlowiseAI Flowise up to 3.0.12 API Endpoint createLead dynamically-determined object attributes

Inserito da Angelo Barbosa | Mag 6, 2026 | CVE

A vulnerability was found in FlowiseAI Flowise up to 3.0.12 and classified as critical. Affected by this issue is the function createLead of the component API Endpoint. Such manipulation leads to dynamically-determined object attributes.

This vulnerability is traded as CVE-2026-42861. The attack may be launched remotely. Furthermore, there is an exploit available.

It is suggested to upgrade the affected component.

CVE-2026-42861 | FlowiseAI Flowise up to 3.0.12 API Endpoint createLead dynamically-determined object attributes

Post correlati

CVE-2026-6443 | essentialplugin Accordion and Accordion Slider Plugin 1.4.6 on WordPress malicious code

CVE-2025-70093 | OpenSourcePOS 3.4.1 AJAX privilege escalation

CVE-2026-36837 | Totolink A3002RU V3 up to 3.0.0-B20220304.1804 formMapDelDevice Hostname buffer overflow

CVE-2024-30587 | Tenda FH1202 1.2.0.14(408) saveParentControlInfo urls stack-based overflow