CVE-2026-56267

Source
https://cve.org/CVERecord?id=CVE-2026-56267
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56267.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-56267
Aliases
Published
2026-06-20T15:24:43.347Z
Modified
2026-07-08T08:13:46.432434944Z
Severity
  • 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:H/SI:N/SA:N CVSS Calculator
Summary
Flowise - PII Disclosure via Unauthenticated Forgot Password Endpoint
Details

Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint that returns full user objects including PII to unauthenticated attackers. An attacker can enumerate valid email addresses and harvest sensitive user data including user IDs, names, account status, and timestamps by sending requests with known email addresses.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/56xxx/CVE-2026-56267.json",
    "cna_assigner": "VulnCheck",
    "cwe_ids": [
        "CWE-200"
    ]
}
References

Affected packages

Git / github.com/flowiseai/flowise

Affected ranges

Type
GIT
Repo
https://github.com/flowiseai/flowise
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "DESCRIPTION"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.0.13"
        }
    ]
}

Affected versions

flowise-components@1.*
flowise-components@1.0.0
flowise-components@1.1.0
flowise-components@1.1.1
flowise-components@1.2.1
flowise-components@1.2.10
flowise-components@1.2.12
flowise-components@1.2.14
flowise-components@1.2.15
flowise-components@1.2.16
flowise-components@1.2.17
flowise-components@1.2.2
flowise-components@1.2.3
flowise-components@1.2.4
flowise-components@1.2.5
flowise-components@1.2.6
flowise-components@1.2.7
flowise-components@1.2.8
flowise-components@1.2.9
flowise-components@1.3.0
flowise-components@1.3.1
flowise-components@1.3.10
flowise-components@1.3.11
flowise-components@1.3.2
flowise-components@1.3.3
flowise-components@1.3.4
flowise-components@1.3.5
flowise-components@1.3.7
flowise-components@1.3.8
flowise-components@1.3.9
flowise-components@1.4.0
flowise-components@1.4.1
flowise-components@1.4.2
flowise-components@1.4.6
flowise-components@1.4.7
flowise-components@1.4.8
flowise-components@1.4.9
flowise-components@1.5.0
flowise-components@1.5.1
flowise-components@1.5.2
flowise-components@1.5.3
flowise-components@1.6.0
flowise-components@1.6.1
flowise-components@1.6.2
flowise-components@1.6.3
flowise-components@1.6.4
flowise-components@1.6.5
flowise-components@1.6.6
flowise-components@1.6.7
flowise-components@1.6.8
flowise-components@1.7.0
flowise-components@1.7.1
flowise-components@1.7.2
flowise-components@1.8.0
flowise-components@1.8.1
flowise-components@1.8.3
flowise-components@1.8.4
flowise-components@1.8.6
flowise-components@2.*
flowise-components@2.0.2
flowise-components@2.0.3
flowise-components@2.0.4
flowise-components@2.0.5
flowise-components@2.0.6
flowise-components@2.0.7
flowise-components@2.1.0
flowise-components@2.1.1
flowise-components@2.1.2
flowise-components@2.1.3
flowise-components@2.1.4
flowise-components@2.1.5
flowise-components@2.2.0
flowise-components@2.2.1
flowise-components@2.2.2
flowise-components@2.2.3
flowise-components@2.2.4
flowise-components@2.2.5
flowise-components@2.2.6
flowise-components@2.2.7
flowise-components@2.2.7-patch.1
flowise-components@2.2.8
flowise-components@3.*
flowise-components@3.0.0
flowise-components@3.0.1
flowise-components@3.0.10
flowise-components@3.0.11
flowise-components@3.0.12
flowise-components@3.0.2
flowise-components@3.0.3
flowise-components@3.0.4
flowise-components@3.0.5
flowise-components@3.0.6
flowise-components@3.0.7
flowise-components@3.0.8
flowise-components@3.0.9
flowise-ui@1.*
flowise-ui@1.0.0
flowise-ui@1.1.0
flowise-ui@1.2.0
flowise-ui@1.2.1
flowise-ui@1.2.10
flowise-ui@1.2.12
flowise-ui@1.2.13
flowise-ui@1.2.14
flowise-ui@1.2.15
flowise-ui@1.2.2
flowise-ui@1.2.3
flowise-ui@1.2.4
flowise-ui@1.2.5
flowise-ui@1.2.6
flowise-ui@1.2.7
flowise-ui@1.3.0
flowise-ui@1.3.1
flowise-ui@1.3.2
flowise-ui@1.3.3
flowise-ui@1.3.4
flowise-ui@1.3.5
flowise-ui@1.3.6
flowise-ui@1.3.7
flowise-ui@1.4.0
flowise-ui@1.4.2
flowise-ui@1.4.3
flowise-ui@1.4.4
flowise-ui@1.4.5
flowise-ui@1.4.6
flowise-ui@1.4.7
flowise-ui@1.4.8
flowise-ui@1.4.9
flowise-ui@1.5.0
flowise-ui@1.5.1
flowise-ui@1.6.0
flowise-ui@1.6.1
flowise-ui@1.6.2
flowise-ui@1.6.3
flowise-ui@1.6.4
flowise-ui@1.6.5
flowise-ui@1.6.6
flowise-ui@1.7.0
flowise-ui@1.7.1
flowise-ui@1.7.2
flowise-ui@1.8.0
flowise-ui@1.8.1
flowise-ui@1.8.2
flowise-ui@1.8.3
flowise-ui@1.8.4
flowise-ui@2.*
flowise-ui@2.0.2
flowise-ui@2.0.3
flowise-ui@2.0.4
flowise-ui@2.0.5
flowise-ui@2.0.6
flowise-ui@2.0.7
flowise-ui@2.1.0
flowise-ui@2.1.1
flowise-ui@2.1.2
flowise-ui@2.1.3
flowise-ui@2.1.4
flowise-ui@2.1.5
flowise-ui@2.2.0
flowise-ui@2.2.1
flowise-ui@2.2.2
flowise-ui@2.2.3
flowise-ui@2.2.4
flowise-ui@2.2.5
flowise-ui@2.2.6
flowise-ui@2.2.7
flowise-ui@2.2.7-patch.1
flowise-ui@2.2.8
flowise-ui@3.*
flowise-ui@3.0.0
flowise-ui@3.0.1
flowise-ui@3.0.10
flowise-ui@3.0.11
flowise-ui@3.0.12
flowise-ui@3.0.2
flowise-ui@3.0.3
flowise-ui@3.0.4
flowise-ui@3.0.5
flowise-ui@3.0.6
flowise-ui@3.0.7
flowise-ui@3.0.8
flowise-ui@3.0.9
flowise@1.*
flowise@1.0.0
flowise@1.0.1
flowise@1.1.0
flowise@1.1.1
flowise@1.2.1
flowise@1.2.11
flowise@1.2.13
flowise@1.2.14
flowise@1.2.15
flowise@1.2.16
flowise@1.2.2
flowise@1.2.3
flowise@1.2.4
flowise@1.2.5
flowise@1.2.6
flowise@1.2.7
flowise@1.2.8
flowise@1.2.9
flowise@1.3.0
flowise@1.3.1
flowise@1.3.2
flowise@1.3.3
flowise@1.3.4
flowise@1.3.5
flowise@1.3.6
flowise@1.3.7
flowise@1.3.8
flowise@1.3.9
flowise@1.4.0
flowise@1.4.1
flowise@1.4.10
flowise@1.4.11
flowise@1.4.12
flowise@1.4.2
flowise@1.4.4
flowise@1.4.5
flowise@1.4.6
flowise@1.4.7
flowise@1.4.8
flowise@1.4.9
flowise@1.5.0
flowise@1.5.1
flowise@1.6.0
flowise@1.6.1
flowise@1.6.2
flowise@1.6.3
flowise@1.6.4
flowise@1.6.5
flowise@1.6.6
flowise@1.7.0
flowise@1.7.1
flowise@1.7.2
flowise@1.8.0
flowise@1.8.1
flowise@1.8.2
flowise@1.8.3
flowise@1.8.4
flowise@2.*
flowise@2.0.2
flowise@2.0.3
flowise@2.0.4
flowise@2.0.5
flowise@2.0.6
flowise@2.0.7
flowise@2.1.0
flowise@2.1.1
flowise@2.1.2
flowise@2.1.3
flowise@2.1.4
flowise@2.1.5
flowise@2.2.0
flowise@2.2.1
flowise@2.2.2
flowise@2.2.3
flowise@2.2.4
flowise@2.2.5
flowise@2.2.6
flowise@2.2.6-hotfix.1
flowise@2.2.7
flowise@2.2.7-patch.1
flowise@2.2.8
flowise@3.*
flowise@3.0.0
flowise@3.0.1
flowise@3.0.10
flowise@3.0.11
flowise@3.0.12
flowise@3.0.2
flowise@3.0.3
flowise@3.0.4
flowise@3.0.5
flowise@3.0.6
flowise@3.0.7
flowise@3.0.8
flowise@3.0.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-56267.json"