GHSA-5fw2-mwhh-9947

Suggest an improvement
Source
https://github.com/advisories/GHSA-5fw2-mwhh-9947
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-5fw2-mwhh-9947/GHSA-5fw2-mwhh-9947.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-5fw2-mwhh-9947
Aliases
  • CVE-2026-41279
Published
2026-04-17T21:35:14Z
Modified
2026-05-05T16:01:28.127938Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • 8.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials
Details

Summary

The text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId directly in the request body. When called without a chatflowId, the endpoint uses the provided credentialId to decrypt the stored credential (e.g., OpenAI or ElevenLabs API key) and generate speech.

Root Cause

// packages/server/src/controllers/text-to-speech/index.ts:58-64
} else {
    // Use TTS config from request body
    provider = bodyProvider
    credentialId = bodyCredentialId  // ← attacker-controlled credential ID
    voice = bodyVoice
    model = bodyModel
}

Docker Validation

POST /api/v1/text-to-speech/generate with arbitrary credentialId in body: endpoint processes request, sends SSE tts_start event, only fails when credential doesn't exist — proves code path runs without authentication.

Impact

  • Use victim's API keys (OpenAI, ElevenLabs, Azure, Google) without authorization
  • Burn API credits on the victim's account
  • Generate unlimited speech content at victim's expense
  • Combined with credential ID leak from Finding 2, this is trivially exploitable

Suggested Fix

Remove the TTS endpoint from WHITELIST_URLS or validate that the credential belongs to the chatflow being used:

// Only allow credentialId when it matches the chatflow's TTS configuration
if (!chatflowId) {
    return res.status(401).json({ message: 'Authentication required' })
}

References

  • packages/server/src/controllers/text-to-speech/index.ts lines 10-162
  • packages/server/src/utils/constants.ts line 41 (whitelist entry)

Credits

  • Shinobi Security - https://github.com/shinobisecurity
Database specific 
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-17T21:35:14Z",
    "cwe_ids": [
        "CWE-639"
    ],
    "severity": "HIGH",
    "nvd_published_at": "2026-04-23T20:16:16Z"
}
References

Affected packages

npm / flowise

Package

Name
flowise
View open source insights on deps.dev
Purl
pkg:npm/flowise

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.1.0

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-5fw2-mwhh-9947/GHSA-5fw2-mwhh-9947.json"
last_known_affected_version_range 
"<= 3.0.13"