CVE-2026-41278 - Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs
CVE ID :CVE-2026-41278 Published : April 23, 2026, 8:16 p.m. | 1 hour, 34 minutes ago Description :Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without san
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] The Behavioral Shift: Why Trusted Relationships Are the Newest Attack Surface
- [CYBER] Mullvad VPN Creates iOS Master Switch to Protect Users From Data Leaks
- [CYBER] CVE-2026-29197 - Apache Apps Engine Log Information Disclosure Vulnerability
- [CYBER] CVE-2026-6732 - Libxml2: libxml2: denial of service via crafted xsd-validated document
- [CYBER] Anthropic CVP Run 3 — Does Claude's Safety Stack Scale Down to Haiku 4.5?
- [CYBER] DeFi bleeds $7B in a day after $290M exploit – Layer Zero calls it another Lazarus hit - MSN