
Flowise Plaintext Authentication Validation Vulnerability

CVE advisory

Severity: CRITICAL (CVSS 9.1)

CVE-2026-46440

A critical vulnerability exists in Flowise's authentication endpoint, which validates submitted credentials by direct plaintext comparison and applies no rate limiting to attempts. An attacker who can reach the endpoint can guess credentials without being slowed or blocked, which could enable unauthorized access to the application and compromise of the custom large language model flows it hosts. Organizations should verify the relevance and exposure of their Flow

Halo Surface Signal

4

Flowiseai Flowise

before 3.1.2

External exposure likelihood

Halo Surface Signal score for CVE-2026-46440

Flowise is a web-based application designed to build and manage large language model flows. Such platforms are commonly deployed as web interfaces accessible via the network to allow users to design and interact with workflows, frequently resulting in internet-facing or externally accessible deployments.

PCI scan relevance

PCI Relevance for CVE-2026-46440

Yes

CVE-2026-46440 — Halo PCI Relevance: Yes. Under typical PCI ASV external scan criteria, this issue may be flagged for scan prioritization.

This vulnerability in Flowise lets credentials be validated by plaintext comparison with no rate limiting, so an exposed instance is open to repeated credential guessing. The critical severity indicates a significant risk relevant to PCI compliance.

Scan-prioritization guidance only—not a PCI DSS certification or ASV attestation.

Horizon Alert

Summary of the vulnerability and why it matters

This advisory details a critical vulnerability in Flowise, a tool for building large language model flows. The issue lies in how the `checkBasicAuth` endpoint handles credentials: it compares them in plaintext and imposes no limit on the number of attempts a client may make. This could allow unauthorized access to, and manipulation of, custom AI workflows.

  • Credentials are compared in plaintext with no rate limiting on attempts.
  • The endpoint gates access to custom AI workflow designs.
  • Confirm whether your deployment is affected and whether it is exposed.

Attack Path

How an attacker could exploit the issue

An attacker could reach the vulnerable component by accessing the Flowise application over the network. The `checkBasicAuth` endpoint is exposed and validates authentication credentials by plaintext comparison with no rate limiting, so an attacker can submit guesses repeatedly until one is accepted. This could allow an attacker to gain unauthorized access to the application's functionality.

  • No special access needed.
  • Plaintext credential checks.
  • Unauthorized access risk.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability weakens the credentials used to authenticate with Flowise: because the `checkBasicAuth` endpoint validates them by plaintext comparison and applies no rate limiting, attackers can guess them over the network without being blocked. Attackers could therefore gain unauthorized access to Flowise instances.

  • Flowise authentication credentials.
  • Plaintext validation without rate limiting.
  • Unauthorized access to Flowise instances.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Application owners are primarily responsible for addressing this vulnerability in Flowise, as it directly impacts the custom large language model flows they build and manage. The first practical step is to locate all instances of Flowise within your environment and determine their reachability and criticality to business operations. Then identify the specific application owner for each instance and prioritize remediation based on the identified risk.

  • Application owners must address this.
  • Verify Flowise instances and their reachability.
  • Plan risk-based remediation or upgrade.
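Two triage checks for the steps above, as an added example rather than Halo's or Flowise's own tooling: a version test against the fixed release named in this advisory (anything before 3.1.2 is affected), and a detector that flags a source address sending a burst of failed requests to the basic-auth endpoint in a web server access log. The log format, the endpoint path used in the sample lines (`/api/v1/checkBasicAuth`), the window and the threshold are constructed assumptions; confirm the real route path and your log format against your deployment before relying on the pattern.

```javascript
// Added example (not Halo's or Flowise's tooling): two offline checks for
// triaging this advisory. Endpoint path, log format, window and threshold
// are assumptions; the sample log lines are constructed.

// 1) Version triage: "before 3.1.2" is affected. Accepts a "v" prefix and
//    prerelease tags (3.1.2-rc.1 sorts before 3.1.2 and is still affected).
const FIXED_VERSION = '3.1.2';

function parseSemver(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?/.exec(String(v).trim());
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] || null };
}

function compareSemver(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a.core[i] !== b.core[i]) return a.core[i] < b.core[i] ? -1 : 1;
  }
  if (a.pre === b.pre) return 0;
  if (a.pre === null) return 1;   // a release outranks any prerelease of it
  if (b.pre === null) return -1;
  return a.pre < b.pre ? -1 : 1;  // simplified: plain string order of tags
}

// true = affected, false = fixed, null = could not parse (review manually)
function isAffectedVersion(v) {
  const parsed = parseSemver(v);
  if (!parsed) return null;
  return compareSemver(parsed, parseSemver(FIXED_VERSION)) < 0;
}

// 2) Detection: a source address with many 401s on the basic-auth endpoint
//    inside a short window is guessing credentials.
const LOG_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) /;
const MONTHS = { Jan: 0, Feb: 1, Mar: 2, Apr: 3, May: 4, Jun: 5, Jul: 6, Aug: 7, Sep: 8, Oct: 9, Nov: 10, Dec: 11 };

// "02/May/2026:10:00:01 +0000" -> epoch milliseconds, honouring the offset
function parseClfTime(s) {
  const m = /^(\d{2})\/([A-Za-z]{3})\/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})$/.exec(s);
  if (!m || !(m[2] in MONTHS)) return null;
  const local = Date.UTC(+m[3], MONTHS[m[2]], +m[1], +m[4], +m[5], +m[6]);
  const offsetMs = (m[7] === '-' ? -1 : 1) * (+m[8] * 60 + +m[9]) * 60_000;
  return local - offsetMs;
}

function parseLogLine(line) {
  const m = LOG_RE.exec(line);
  if (!m) return null;
  const time = parseClfTime(m[2]);
  if (time === null) return null;
  return { ip: m[1], time, method: m[3], path: m[4], status: Number(m[5]) };
}

// Returns one entry per source whose densest run of failed (401) requests
// to the endpoint within windowMs reaches the threshold.
function findGuessingBursts(logText, { pathMarker = 'checkBasicAuth', windowMs = 60_000, threshold = 5 } = {}) {
  const failuresByIp = new Map();
  for (const raw of logText.split('\n')) {
    const e = parseLogLine(raw.trim());
    if (!e || !e.path.includes(pathMarker) || e.status !== 401) continue;
    if (!failuresByIp.has(e.ip)) failuresByIp.set(e.ip, []);
    failuresByIp.get(e.ip).push(e.time);
  }
  const flagged = [];
  for (const [ip, times] of failuresByIp) {
    times.sort((a, b) => a - b);
    let best = 0;
    for (let lo = 0, hi = 0; hi < times.length; hi++) {
      while (times[hi] - times[lo] >= windowMs) lo++; // slide the window forward
      best = Math.max(best, hi - lo + 1);
    }
    if (best >= threshold) flagged.push({ ip, failuresInWindow: best });
  }
  return flagged;
}

// Constructed sample: seven failures in 15 s from one address, a legitimate
// user who mistypes once and then succeeds, an unrelated request, and a
// malformed line that the parser must skip.
const SAMPLE_LOG = `
203.0.113.7 - - [02/May/2026:10:00:01 +0000] "GET /api/v1/checkBasicAuth HTTP/1.1" 401 27
203.0.113.7 - - [02/May/2026:10:00:03 +0000] "GET /api/v1/checkBasicAuth HTTP/1.1" 401 27
203.0.113.7 - - [02/May/2026:10:00:05 +0000] "GET /api/v1/checkBasicAuth HTTP/1.1" 401 27
203.0.113.7 - - [02/May/2026:10:00:08 +0000] "GET /api/v1/checkBasicAuth HTTP/1.1" 401 27
203.0.113.7 - - [02/May/2026:10:00:10 +0000] "GET /api/v1/checkBasicAuth HTTP/1.1" 401 27
203.0.113.7 - - [02/May/2026:10:00:12 +0000] "GET /api/v1/checkBasicAuth HTTP/1.1" 401 27
203.0.113.7 - - [02/May/2026:10:00:15 +0000] "GET /api/v1/checkBasicAuth HTTP/1.1" 401 27
198.51.100.23 - - [02/May/2026:10:00:30 +0000] "GET /api/v1/checkBasicAuth HTTP/1.1" 401 27
198.51.100.23 - - [02/May/2026:10:00:41 +0000] "GET /api/v1/checkBasicAuth HTTP/1.1" 200 15
198.51.100.23 - - [02/May/2026:10:00:42 +0000] "GET / HTTP/1.1" 200 2048
this line is not an access-log record
`;
```

Run `findGuessingBursts(SAMPLE_LOG)` to see the single flagged address; in practice feed the function your proxy or application access log and tune `threshold` and `windowMs` to the legitimate retry rate you observe. The version check deliberately returns `null` for strings it cannot parse so that an unknown build is reviewed rather than silently treated as fixed.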

Frequently asked questions

What is Flowise?

Flowise is a software platform with a drag-and-drop interface that helps developers and users design, manage, and deploy custom workflows powered by large language models. It acts as a bridge between complex AI models and visual application building, allowing users to connect various components to process data and generate responses.

What is the vulnerability in CVE-2026-46440?

This vulnerability is classified as CWE-522 (Insufficiently Protected Credentials). In this instance, the Flowise `checkBasicAuth` endpoint validates login credentials by direct plaintext comparison and has no rate-limiting mechanism. The system therefore does not sufficiently protect authentication attempts: an unauthorized party can test or guess valid credentials repeatedly without the software blocking repeated attempts.

How does an attacker trigger this vulnerability?

An attacker triggers this by sending repeated authentication requests directly to the `checkBasicAuth` endpoint over the network, each carrying a guessed username and password. Because the system performs a direct comparison of plaintext credentials without rate limiting, the attack requires no complex preconditions, no existing user privileges, and no interaction from an administrator.

Is my Flowise instance at risk?

Halo Surface Signal indicates that Flowise is often deployed as a web interface accessible via the network to support collaborative workflow design. If your instance is internet-facing or reachable by unauthorized users on your internal network, it is at higher risk. You should review your deployment's visibility to understand if it is exposed to untrusted connections.

How do I address this CVE?

The primary response is to update your Flowise software to version 3.1.2 or later, where this credential validation issue is patched. Start by identifying all running instances within your environment, assessing their network reachability, and coordinating with the relevant application owners to schedule and apply the update. Until the update is applied, limiting which networks can reach an instance reduces its exposure to credential guessing.
