CVE-2026-30824 is a vulnerability classified under CWE-306 (Missing Authentication for Critical Function) affecting FlowiseAI's Flowise product versions prior to 3.0.13. Flowise is a drag-and-drop interface designed to build customized large language model workflows. The vulnerability stems from the NVIDIA NIM router endpoints under the path /api/v1/nvidia-nim/* being explicitly whitelisted in the global authentication middleware. This whitelist bypass allows unauthenticated users to access sensitive container management and token generation endpoints without any authentication or user interaction. Such access can enable attackers to manipulate containerized environments, potentially leading to unauthorized deployment, modification, or termination of containers, and issuance of tokens that could be used for further privilege escalation or lateral movement within the environment. The vulnerability has a CVSS 4.0 base score of 7.7, reflecting its high severity due to network attack vector, low attack complexity, no privileges or user interaction required, and a high scope impact. Although no known exploits are currently reported in the wild, the critical nature of the exposed functions and ease of exploitation make this a significant threat. The issue was addressed and patched in Flowise version 3.0.13 by removing the whitelist and enforcing proper authentication on the affected endpoints.

The vulnerability allows unauthenticated attackers to gain unauthorized access to critical container management and token generation functions within Flowise deployments. This can lead to severe consequences including unauthorized container manipulation, deployment of malicious containers, disruption of AI workflow operations, and issuance of tokens that may facilitate further attacks or privilege escalation. Organizations relying on Flowise for AI model orchestration could face operational downtime, data integrity issues, and potential exposure of sensitive AI model workflows. The lack of authentication means attackers can exploit this remotely over the network without any user interaction, increasing the risk of widespread exploitation. Given the growing adoption of AI orchestration platforms, the impact could extend to sectors such as technology, research, finance, and government agencies that deploy AI workloads in containerized environments.

Immediate upgrade to Flowise version 3.0.13 or later is the primary mitigation step, as this version patches the vulnerability by enforcing authentication on the NVIDIA NIM router endpoints. Until upgrade is possible, organizations should implement network-level access controls to restrict access to the /api/v1/nvidia-nim/* endpoints, limiting exposure to trusted internal networks or VPNs only. Deploying Web Application Firewalls (WAFs) with rules to block unauthenticated requests targeting these endpoints can provide temporary protection. Additionally, monitoring and logging access to container management and token generation APIs should be enhanced to detect any anomalous or unauthorized activity. Organizations should also review their container orchestration security posture, including token management policies and container runtime security, to reduce the blast radius of potential exploitation. Regular vulnerability scanning and penetration testing focused on authentication bypass scenarios are recommended to proactively identify similar issues.