CVE-2026-30820 is an authorization bypass vulnerability affecting Flowise, a drag-and-drop interface for building customized large language model workflows. In versions before 3.0.13, Flowise trusts any HTTP client that sets the header 'x-request-from: internal' and uses this as a basis to bypass all authorization checks on API endpoints under /api/v1/**. This flawed logic allows an authenticated tenant session with low privileges—identified only by a browser cookie—to invoke sensitive internal administration endpoints. These endpoints include API key management, credential stores, and the execution of custom functions, which should normally be restricted to higher privilege users. The root cause is an incorrect authorization design (CWE-863) where the system implicitly trusts the header without verifying the client's legitimacy or privilege level. Exploitation requires no additional authentication or user interaction beyond possessing a valid tenant session cookie. The vulnerability has a CVSS 4.0 score of 8.7 (high severity), reflecting its network attack vector, low complexity, no required user interaction, and high impact on confidentiality, integrity, and availability. The issue was publicly disclosed and patched in Flowise version 3.0.13. No known exploits have been observed in the wild to date.

This vulnerability allows attackers with low-privilege authenticated access to escalate their privileges significantly by bypassing authorization controls. They can access and manipulate sensitive administrative functions such as API key management and credential stores, potentially leading to unauthorized data access, credential theft, and execution of arbitrary custom functions. This can compromise the confidentiality and integrity of the system and its data, and may also impact availability if administrative functions are misused. Organizations relying on Flowise for managing large language model workflows are at risk of internal compromise and lateral movement within their environments. The ease of exploitation—requiring only a valid tenant session cookie and no user interaction—makes this vulnerability particularly dangerous in multi-tenant or shared environments.

The primary mitigation is to upgrade Flowise to version 3.0.13 or later, where this authorization bypass issue is fixed. Until upgrade, organizations should implement strict network segmentation and access controls to limit exposure of Flowise API endpoints to trusted users only. Monitoring and logging of API requests, especially those containing the 'x-request-from: internal' header, should be enhanced to detect suspicious activity. Review and tighten tenant session management and cookie security to prevent session hijacking. Additionally, consider implementing Web Application Firewalls (WAFs) with custom rules to block unauthorized internal header usage. Conduct thorough audits of API key and credential store usage to identify any unauthorized access. Finally, educate administrators and developers about the risks of trusting client-supplied headers for authorization decisions.