CVE-2026-41279 - Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials
CVE ID :CVE-2026-41279 Published : April 23, 2026, 8:16 p.m. | 1 hour, 34 minutes ago Description :Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelist
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface
- [CYBER] Mullvad VPN Creates iOS Master Switch to Protect Users From Data Leaks
- [CYBER] CVE-2026-29197 - Apache Apps Engine Log Information Disclosure Vulnerability
- [CYBER] CVE-2026-6732 - Libxml2: libxml2: denial of service via crafted xsd-validated document
- [CYBER] Anthropic CVP Run 3 — Does Claude's Safety Stack Scale Down to Haiku 4.5?
- [CYBER] DeFi bleeds $7B in a day after $290M exploit – Layer Zero calls it another Lazarus hit - MSN