CVE-2026-30823

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-30823

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30823.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-30823

Aliases

GHSA-cwc3-p92j-g7qm

Published

2026-03-07T05:10:08.035Z

Modified

2026-04-10T05:41:51.396143Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Flowise: IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration

Details

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature bypass via SSO configuration. This issue has been patched in version 3.0.13.

Database specific

{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-639",
        "CWE-862"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30823.json"
}

References

Affected packages

Git / github.com/flowiseai/flowise

Affected ranges

Type: GIT
Repo: https://github.com/flowiseai/flowise
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f0c1294173a55f26e0b972c39c0c16917f5ca9e7

Affected versions

flowise-components@1.*

flowise-components@1.0.0

flowise-components@1.1.0

flowise-components@1.1.1

flowise-components@1.2.1

flowise-components@1.2.10

flowise-components@1.2.12

flowise-components@1.2.14

flowise-components@1.2.15

flowise-components@1.2.16

flowise-components@1.2.17

flowise-components@1.2.2

flowise-components@1.2.3

flowise-components@1.2.4

flowise-components@1.2.5

flowise-components@1.2.6

flowise-components@1.2.7

flowise-components@1.2.8

flowise-components@1.2.9

flowise-components@1.3.0

flowise-components@1.3.1

flowise-components@1.3.10

flowise-components@1.3.11

flowise-components@1.3.2

flowise-components@1.3.3

flowise-components@1.3.4

flowise-components@1.3.5

flowise-components@1.3.7

flowise-components@1.3.8

flowise-components@1.3.9

flowise-components@1.4.0

flowise-components@1.4.1

flowise-components@1.4.2

flowise-components@1.4.6

flowise-components@1.4.7

flowise-components@1.4.8

flowise-components@1.4.9

flowise-components@1.5.0

flowise-components@1.5.1

flowise-components@1.5.2

flowise-components@1.5.3

flowise-components@1.6.0

flowise-components@1.6.1

flowise-components@1.6.2

flowise-components@1.6.3

flowise-components@1.6.4

flowise-components@1.6.5

flowise-components@1.6.6

flowise-components@1.6.7

flowise-components@1.6.8

flowise-components@1.7.0

flowise-components@1.7.1

flowise-components@1.7.2

flowise-components@1.8.0

flowise-components@1.8.1

flowise-components@1.8.3

flowise-components@1.8.4

flowise-components@1.8.6

flowise-components@2.*

flowise-components@2.0.2

flowise-components@2.0.3

flowise-components@2.0.4

flowise-components@2.0.5

flowise-components@2.0.6

flowise-components@2.0.7

flowise-components@2.1.0

flowise-components@2.1.1

flowise-components@2.1.2

flowise-components@2.1.3

flowise-components@2.1.4

flowise-components@2.1.5

flowise-components@2.2.0

flowise-components@2.2.1

flowise-components@2.2.2

flowise-components@2.2.3

flowise-components@2.2.4

flowise-components@2.2.5

flowise-components@2.2.6

flowise-components@2.2.7

flowise-components@2.2.7-patch.1

flowise-components@2.2.8

flowise-components@3.*

flowise-components@3.0.0

flowise-components@3.0.1

flowise-components@3.0.10

flowise-components@3.0.11

flowise-components@3.0.12

flowise-components@3.0.2

flowise-components@3.0.3

flowise-components@3.0.4

flowise-components@3.0.5

flowise-components@3.0.6

flowise-components@3.0.7

flowise-components@3.0.8

flowise-components@3.0.9

flowise-ui@1.*

flowise-ui@1.0.0

flowise-ui@1.1.0

flowise-ui@1.2.0

flowise-ui@1.2.1

flowise-ui@1.2.10

flowise-ui@1.2.12

flowise-ui@1.2.13

flowise-ui@1.2.14

flowise-ui@1.2.15

flowise-ui@1.2.2

flowise-ui@1.2.3

flowise-ui@1.2.4

flowise-ui@1.2.5

flowise-ui@1.2.6

flowise-ui@1.2.7

flowise-ui@1.3.0

flowise-ui@1.3.1

flowise-ui@1.3.2

flowise-ui@1.3.3

flowise-ui@1.3.4

flowise-ui@1.3.5

flowise-ui@1.3.6

flowise-ui@1.3.7

flowise-ui@1.4.0

flowise-ui@1.4.2

flowise-ui@1.4.3

flowise-ui@1.4.4

flowise-ui@1.4.5

flowise-ui@1.4.6

flowise-ui@1.4.7

flowise-ui@1.4.8

flowise-ui@1.4.9

flowise-ui@1.5.0

flowise-ui@1.5.1

flowise-ui@1.6.0

flowise-ui@1.6.1

flowise-ui@1.6.2

flowise-ui@1.6.3

flowise-ui@1.6.4

flowise-ui@1.6.5

flowise-ui@1.6.6

flowise-ui@1.7.0

flowise-ui@1.7.1

flowise-ui@1.7.2

flowise-ui@1.8.0

flowise-ui@1.8.1

flowise-ui@1.8.2

flowise-ui@1.8.3

flowise-ui@1.8.4

flowise-ui@2.*

flowise-ui@2.0.2

flowise-ui@2.0.3

flowise-ui@2.0.4

flowise-ui@2.0.5

flowise-ui@2.0.6

flowise-ui@2.0.7

flowise-ui@2.1.0

flowise-ui@2.1.1

flowise-ui@2.1.2

flowise-ui@2.1.3

flowise-ui@2.1.4

flowise-ui@2.1.5

flowise-ui@2.2.0

flowise-ui@2.2.1

flowise-ui@2.2.2

flowise-ui@2.2.3

flowise-ui@2.2.4

flowise-ui@2.2.5

flowise-ui@2.2.6

flowise-ui@2.2.7

flowise-ui@2.2.7-patch.1

flowise-ui@2.2.8

flowise-ui@3.*

flowise-ui@3.0.0

flowise-ui@3.0.1

flowise-ui@3.0.10

flowise-ui@3.0.11

flowise-ui@3.0.12

flowise-ui@3.0.2

flowise-ui@3.0.3

flowise-ui@3.0.4

flowise-ui@3.0.5

flowise-ui@3.0.6

flowise-ui@3.0.7

flowise-ui@3.0.8

flowise-ui@3.0.9

flowise@1.*

flowise@1.0.0

flowise@1.0.1

flowise@1.1.0

flowise@1.1.1

flowise@1.2.1

flowise@1.2.11

flowise@1.2.13

flowise@1.2.14

flowise@1.2.15

flowise@1.2.16

flowise@1.2.2

flowise@1.2.3

flowise@1.2.4

flowise@1.2.5

flowise@1.2.6

flowise@1.2.7

flowise@1.2.8

flowise@1.2.9

flowise@1.3.0

flowise@1.3.1

flowise@1.3.2

flowise@1.3.3

flowise@1.3.4

flowise@1.3.5

flowise@1.3.6

flowise@1.3.7

flowise@1.3.8

flowise@1.3.9

flowise@1.4.0

flowise@1.4.1

flowise@1.4.10

flowise@1.4.11

flowise@1.4.12

flowise@1.4.2

flowise@1.4.4

flowise@1.4.5

flowise@1.4.6

flowise@1.4.7

flowise@1.4.8

flowise@1.4.9

flowise@1.5.0

flowise@1.5.1

flowise@1.6.0

flowise@1.6.1

flowise@1.6.2

flowise@1.6.3

flowise@1.6.4

flowise@1.6.5

flowise@1.6.6

flowise@1.7.0

flowise@1.7.1

flowise@1.7.2

flowise@1.8.0

flowise@1.8.1

flowise@1.8.2

flowise@1.8.3

flowise@1.8.4

flowise@2.*

flowise@2.0.2

flowise@2.0.3

flowise@2.0.4

flowise@2.0.5

flowise@2.0.6

flowise@2.0.7

flowise@2.1.0

flowise@2.1.1

flowise@2.1.2

flowise@2.1.3

flowise@2.1.4

flowise@2.1.5

flowise@2.2.0

flowise@2.2.1

flowise@2.2.2

flowise@2.2.3

flowise@2.2.4

flowise@2.2.5

flowise@2.2.6

flowise@2.2.6-hotfix.1

flowise@2.2.7

flowise@2.2.7-patch.1

flowise@2.2.8

flowise@3.*

flowise@3.0.0

flowise@3.0.1

flowise@3.0.10

flowise@3.0.11

flowise@3.0.12

flowise@3.0.2

flowise@3.0.3

flowise@3.0.4

flowise@3.0.5

flowise@3.0.6

flowise@3.0.7

flowise@3.0.8

flowise@3.0.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30823.json"