GHSA-6f7g-v4pp-r667

Source
https://github.com/advisories/GHSA-6f7g-v4pp-r667
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-6f7g-v4pp-r667/GHSA-6f7g-v4pp-r667.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-6f7g-v4pp-r667
Aliases
  • CVE-2026-41273
Published
2026-04-16T21:52:46Z
Modified
2026-05-05T16:03:56.944614Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
  • 7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:N/SA:N
Summary
Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow in Flowise
Details

Summary

Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public chatflow.

By accessing a public chatflow configuration endpoint, an attacker can retrieve internal workflow data, including OAuth credential identifiers, which can then be used to refresh and obtain valid OAuth 2.0 access tokens without authentication.

Details

Flowise is designed to allow public chatflows to be accessed by unauthenticated end users via public URLs or embedded widgets. As a result, chatflowId values are intentionally exposed to unauthenticated clients and must not be treated as secrets.

However, the endpoint GET /api/v1/public-chatbotConfig/<chatflowId> returns internal flowData without authentication. The returned flowData includes workflow node definitions containing OAuth credential identifiers (credential field).

Separately, the endpoint POST /api/v1/oauth2-credential/refresh/<credentialId> allows OAuth 2.0 tokens to be refreshed without authentication or authorization checks.

Because credential identifiers can be obtained from the unauthenticated public chatflow configuration endpoint, these two behaviors can be combined to allow unauthenticated OAuth 2.0 access token disclosure.
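The two behaviours described above each need their own control: the public config endpoint should not serialize credential identifiers at all, and the refresh endpoint should require an authenticated caller who owns the credential. The following is an added example written for this page, not Flowise project code; it assumes a flowData layout of a "nodes" array whose entries carry a "data.inputs" object holding the "credential" key (the real Flowise schema is not on the page), and models the session and credential-ownership lookups as plain stand-ins.

```javascript
// Added example (not Flowise project code) showing the two defensive controls
// that close the chain described in the advisory: strip credential identifiers
// from flowData before it is served on the unauthenticated public config
// endpoint, and require an authenticated, authorizing caller on the refresh
// endpoint. Assumption: flowData is a JSON string with a "nodes" array whose
// entries carry a "data.inputs" object in which a "credential" key holds the
// id. The exact Flowise schema is not on the page and is assumed here.

const CREDENTIAL_KEYS = new Set(['credential', 'credentialId']);

// Walk any JSON value and drop keys that hold credential identifiers, so the
// public client never sees them. Every other field is returned unchanged.
function redactCredentials(value) {
  if (Array.isArray(value)) {
    return value.map(redactCredentials);
  }
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const [key, child] of Object.entries(value)) {
      if (!CREDENTIAL_KEYS.has(key)) {
        out[key] = redactCredentials(child);
      }
    }
    return out;
  }
  return value;
}

// What the public config endpoint should serialize instead of raw flowData.
function sanitizePublicFlowData(flowDataJson) {
  return JSON.stringify(redactCredentials(JSON.parse(flowDataJson)));
}

// Authorization gate for POST /api/v1/oauth2-credential/refresh/<credentialId>.
// `session` is whatever the authenticated-session layer resolved for the
// request (null when absent); `credentialOwners` maps credentialId -> userId.
// Both are stand-ins for Flowise's real auth and storage layers (assumed).
function authorizeRefresh(session, credentialId, credentialOwners) {
  if (!session || !session.userId) {
    return { status: 401, error: 'authentication required' };
  }
  // Unknown ids and foreign ids get the same answer, so the endpoint cannot
  // be used to confirm which credential ids exist.
  if (credentialOwners.get(credentialId) !== session.userId) {
    return { status: 403, error: 'not authorized for this credential' };
  }
  return { status: 200 };
}

// Constructed sample flowData; the credential id is the one quoted in the advisory.
const SAMPLE_FLOW_DATA = JSON.stringify({
  nodes: [
    {
      id: 'gmail_0',
      data: {
        name: 'gmail',
        inputs: { credential: '6efe0e20-ba6f-4fbb-9960-658feffa0542', label: 'Gmail' },
      },
    },
    { id: 'llm_0', data: { name: 'chatModel', inputs: { modelName: 'example-model' } } },
  ],
});

// Stand-alone run: print the sanitized output and the three gate outcomes.
if (typeof require !== 'undefined' && require.main === module) {
  const owners = new Map([['6efe0e20-ba6f-4fbb-9960-658feffa0542', 'alice']]);
  const id = '6efe0e20-ba6f-4fbb-9960-658feffa0542';
  console.log(sanitizePublicFlowData(SAMPLE_FLOW_DATA));
  console.log(authorizeRefresh(null, id, owners));
  console.log(authorizeRefresh({ userId: 'bob' }, id, owners));
  console.log(authorizeRefresh({ userId: 'alice' }, id, owners));
}
```

Dropping the key rather than masking it keeps the public response free of anything an unauthenticated client could replay; if the embedded widget genuinely needs to know that a node is credential-backed, a boolean flag is enough and the id itself should stay server-side.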

PoC

Prerequisites
  • Self-hosted Flowise instance
  • A public chatflow configured with an OAuth 2.0 credential (e.g., Gmail OAuth2)

Step 1: Obtain chatflowId

The chatflowId is exposed to unauthenticated users via public chatflow URLs, embedded widgets, or browser network requests when accessing a public chatflow.

Example: d37b9812-72c1-4c64-b152-665f307f755e

Step 2: Retrieve internal flowData without authentication

curl -s \
  http://localhost:3000/api/v1/public-chatbotConfig/d37b9812-72c1-4c64-b152-665f307f755e

The response includes flowData containing an OAuth credential identifier, for example:

"credential": "6efe0e20-ba6f-4fbb-9960-658feffa0542"

Step 3: Refresh OAuth 2.0 token without authentication

curl -X POST \
  http://localhost:3000/api/v1/oauth2-credential/refresh/6efe0e20-ba6f-4fbb-9960-658feffa0542

The response returns valid OAuth 2.0 access token data, including an access_token.

Impact

An unauthenticated attacker can obtain OAuth 2.0 access tokens for third-party services configured in Flowise, potentially leading to unauthorized data access, API abuse, or account compromise.

This vulnerability affects self-hosted deployments because public chatflows are commonly exposed to the internet and require unauthenticated access by design. Treating chatflowId as a secret does not mitigate the issue.
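Because public chatflows are exposed by design, operators of unpatched or recently patched instances will want to look back through access logs for the sequence the advisory describes: an unauthenticated read of the public chatflow config followed by an unauthenticated POST to the refresh endpoint from the same source. The following detection logic is an added example written for this page, not Flowise code; it assumes one JSON record per log line with fields ts, ip, method, path, status and auth (true when the request carried a valid session), as a reverse proxy or request logger could emit, and the sample lines are constructed.

```javascript
// Added example (not Flowise project code): detection logic over access-log
// records for the two endpoints named in the advisory. Assumption: each log
// record is one JSON object per line with fields ts, ip, method, path, status
// and auth (true when the request carried a valid session); the field names
// and layout are assumed, not taken from any Flowise log format.

const PUBLIC_CONFIG_RE = /^\/api\/v1\/public-chatbotConfig\/([0-9a-f-]{36})$/;
const REFRESH_RE = /^\/api\/v1\/oauth2-credential\/refresh\/([0-9a-f-]{36})$/;
// A public-config read followed by a refresh from the same IP within this
// window is treated as the chained sequence described in the advisory.
const CHAIN_WINDOW_MS = 10 * 60 * 1000;

function parseRecords(lines) {
  return lines
    .filter((line) => line.trim() !== '')
    .map((line) => JSON.parse(line))
    .sort((a, b) => Date.parse(a.ts) - Date.parse(b.ts));
}

// Returns one finding per refresh request that carried no authentication.
// `succeeded` records whether the server answered 200 (token returned) or
// rejected it, and `chained` marks a refresh preceded by a public-config read
// from the same source IP inside CHAIN_WINDOW_MS.
function findUnauthenticatedRefreshes(lines) {
  const records = parseRecords(lines);
  const lastConfigReadByIp = new Map(); // ip -> { t, chatflowId }
  const findings = [];
  for (const r of records) {
    const t = Date.parse(r.ts);
    const cfg = r.method === 'GET' ? r.path.match(PUBLIC_CONFIG_RE) : null;
    if (cfg) {
      lastConfigReadByIp.set(r.ip, { t, chatflowId: cfg[1] });
      continue;
    }
    const ref = r.method === 'POST' ? r.path.match(REFRESH_RE) : null;
    if (!ref || r.auth === true) {
      continue;
    }
    const prior = lastConfigReadByIp.get(r.ip);
    const chained = prior !== undefined && t - prior.t <= CHAIN_WINDOW_MS;
    findings.push({
      ip: r.ip,
      ts: r.ts,
      credentialId: ref[1],
      succeeded: r.status === 200,
      chained,
      chatflowId: chained ? prior.chatflowId : null,
    });
  }
  return findings;
}

// Constructed sample log lines (not from any real deployment); the ids are the
// ones quoted in the advisory and the IPs come from documentation ranges.
const SAMPLE_LOG_LINES = [
  '{"ts":"2026-04-20T10:00:01Z","ip":"203.0.113.5","method":"GET","path":"/api/v1/public-chatbotConfig/d37b9812-72c1-4c64-b152-665f307f755e","status":200,"auth":false}',
  '{"ts":"2026-04-20T10:00:03Z","ip":"203.0.113.5","method":"POST","path":"/api/v1/oauth2-credential/refresh/6efe0e20-ba6f-4fbb-9960-658feffa0542","status":200,"auth":false}',
  '{"ts":"2026-04-20T10:05:00Z","ip":"198.51.100.7","method":"POST","path":"/api/v1/oauth2-credential/refresh/6efe0e20-ba6f-4fbb-9960-658feffa0542","status":200,"auth":true}',
  '{"ts":"2026-04-20T10:06:00Z","ip":"192.0.2.9","method":"GET","path":"/api/v1/public-chatbotConfig/d37b9812-72c1-4c64-b152-665f307f755e","status":200,"auth":false}',
  '{"ts":"2026-04-20T10:07:00Z","ip":"203.0.113.77","method":"POST","path":"/api/v1/oauth2-credential/refresh/6efe0e20-ba6f-4fbb-9960-658feffa0542","status":401,"auth":false}',
  '{"ts":"2026-04-20T11:30:00Z","ip":"192.0.2.9","method":"POST","path":"/api/v1/oauth2-credential/refresh/6efe0e20-ba6f-4fbb-9960-658feffa0542","status":200,"auth":false}',
];

// Stand-alone run: print the findings for the constructed sample.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(findUnauthenticatedRefreshes(SAMPLE_LOG_LINES), null, 2));
}
```

Any finding with `succeeded: true` means a token was handed to an unauthenticated caller and the corresponding third-party OAuth grant should be revoked and re-issued; findings with `succeeded: false` are attempts against a fixed instance and are worth keeping as an indicator that the endpoint is being probed. The authenticated refresh from 198.51.100.7 produces no finding, and the late refresh from 192.0.2.9 is reported but not marked as chained because it falls outside the window.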

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-16T21:52:46Z",
    "cwe_ids": [
        "CWE-306"
    ],
    "severity": "HIGH",
    "nvd_published_at": "2026-04-23T20:16:15Z"
}
References

Affected packages

npm / flowise

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.0

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-6f7g-v4pp-r667/GHSA-6f7g-v4pp-r667.json"
last_known_affected_version_range
"<= 3.0.13"