FlowiseAI's Flowise is a drag-and-drop interface designed to build customized large language model workflows. Prior to version 3.0.13, Flowise contains an authorization bypass vulnerability classified as CWE-639 (Authorization Bypass Through User-Controlled Key) and CWE-862 (Missing Authorization). This vulnerability manifests as an Insecure Direct Object Reference (IDOR), where an attacker can manipulate user-controlled keys to access or modify resources without proper authorization checks. Specifically, the flaw allows an attacker with limited privileges to perform account takeover and bypass enterprise features, including Single Sign-On (SSO) configurations. The vulnerability is remotely exploitable over the network (AV:N) with low attack complexity (AC:L), requiring privileges (PR:L) but no user interaction (UI:N). The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), as attackers can gain unauthorized access to accounts and sensitive enterprise configurations, potentially compromising organizational security and user data. The vulnerability was publicly disclosed on March 7, 2026, and has been patched in Flowise version 3.0.13. No known exploits have been reported in the wild, but the high CVSS score of 8.8 indicates significant risk if exploited. The vulnerability highlights the importance of robust authorization checks on user-controlled inputs, especially in complex workflow management systems that integrate critical enterprise features like SSO.

The vulnerability allows attackers to bypass authorization controls, leading to account takeover and unauthorized access to enterprise features such as SSO configurations. This can result in severe confidentiality breaches, including exposure of sensitive user and organizational data. Integrity is compromised as attackers can manipulate configurations and workflows, potentially injecting malicious logic or disrupting normal operations. Availability may also be affected if attackers disrupt service or lock out legitimate users. Organizations relying on Flowise for managing AI workflows and enterprise integrations face risks of operational disruption, data leakage, and loss of trust. The ability to bypass SSO configurations can undermine centralized authentication controls, increasing the attack surface and facilitating lateral movement within networks. Given the high CVSS score and the critical nature of the affected features, the impact on organizations is substantial, particularly for enterprises with sensitive data and complex AI workflow deployments.

The primary mitigation is to upgrade Flowise to version 3.0.13 or later, where the vulnerability has been patched. Organizations should audit their current Flowise deployments to identify affected versions and prioritize patching. In addition to patching, implement strict access controls and monitoring around Flowise instances, especially for users with privileges that could be exploited. Review and harden authorization logic to ensure user-controlled keys or identifiers are validated and access checks are enforced consistently. Employ network segmentation to limit exposure of Flowise management interfaces to trusted networks and users only. Enable logging and alerting on suspicious activities related to account modifications and SSO configuration changes. Conduct regular security assessments and penetration testing focused on authorization mechanisms within AI workflow tools. Finally, educate administrators and users about the risks of privilege escalation and the importance of timely patching.