CVE-2026-30820 is an incorrect authorization vulnerability (CWE-863) found in FlowiseAI's Flowise, a drag-and-drop interface for building customized large language model workflows. Prior to version 3.0.13, Flowise improperly trusts the HTTP header 'x-request-from: internal' without verifying the client's legitimacy. This trust allows any authenticated tenant with a valid browser cookie to bypass authorization checks on all API endpoints under /api/v1/**. Consequently, a low-privilege user can invoke sensitive internal administration endpoints, including those managing API keys, credential stores, and executing custom functions. This results in privilege escalation, compromising the confidentiality and integrity of the system. The vulnerability requires no additional authentication beyond a tenant session and no user interaction, making exploitation straightforward. The vulnerability has been assigned a CVSS 4.0 score of 8.7 (high severity), reflecting its network attack vector, low complexity, no privileges required beyond a tenant session, and high impact on confidentiality, integrity, and availability. The flaw was patched in Flowise version 3.0.13, which removes the unsafe trust in the 'x-request-from' header and enforces proper authorization checks. No public exploits have been reported yet, but the vulnerability poses a significant risk to organizations using affected versions.

The vulnerability allows attackers with low-privilege tenant access to escalate their privileges to administrative levels by bypassing authorization controls. This can lead to unauthorized access to sensitive internal functions such as API key management and credential stores, potentially exposing secrets and enabling further compromise of the environment. Attackers could execute arbitrary custom functions, which may lead to code execution or data manipulation, severely impacting system integrity and availability. Organizations relying on Flowise for managing large language model workflows risk data breaches, loss of control over critical credentials, and disruption of AI service operations. The ease of exploitation without additional authentication or user interaction increases the likelihood of successful attacks, especially in multi-tenant environments where tenant isolation is critical. The vulnerability undermines trust boundaries within the application, potentially affecting confidentiality, integrity, and availability of the affected systems.

Organizations should immediately upgrade Flowise to version 3.0.13 or later, where the vulnerability is patched. Until upgrading, implement strict network segmentation and access controls to limit tenant access to the Flowise API endpoints. Disable or filter requests containing the 'x-request-from: internal' header from untrusted sources. Conduct thorough audits of API usage logs to detect any anomalous or unauthorized access patterns. Employ Web Application Firewalls (WAFs) with custom rules to block suspicious header manipulations. Review and harden tenant session management to ensure minimal privileges are granted by default. Additionally, implement monitoring and alerting for administrative API endpoint access. Educate developers and administrators about the risks of trusting client-supplied headers for authorization decisions and enforce server-side validation of all authorization checks. Regularly review and test authorization logic to prevent similar flaws.