CVE-2026-41273 - Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow
CVE ID :CVE-2026-41273 Published : April 23, 2026, 7:29 p.m. | 21 minutes ago Description :Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Attempted hack on my Microsoft account. Was it a VPN node?
- [CYBER] KelpDAO hack news: Aave leads DeFi bailout push after $292M crypto exploit - CoinDesk
- [CYBER] US, UK agencies warn hackers were hiding on Cisco firewalls long after patches were applied
- [CYBER] Speaking Freely: Lizzie O'Shea
- [CYBER] Dragos: Despite AI use, new malware targeting water plants is ‘hype’
- [CYBER] Trump’s pick to run US cyber agency CISA asks to drop out