External risk intelligence

Flowise Session Hijacking Via Weak Default Secret

CVE advisorySeverity: CRITICAL (CVSS 9.3)

CVE-2026-56278

Flowise is a low-code tool for building LLM applications and AI agents, which is frequently deployed as a web-accessible service or API gateway to allow interaction with external users or integration into other web applications, making its web interface a common internet-facing surface.

Flowiseai Flowise

before 3.1.0

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

A security vulnerability has been identified in Flowise, a platform for building AI applications. The issue stems from a weak, hardcoded default secret used for session management, which, if not overridden, allows attackers to bypass authentication by forging session cookies and impersonating users. This could expose sensitive data or allow unauthorized access to systems that rely on Flowise for access control.

  • Weak default secret allows session hijacking.
  • Protects access to AI applications and data.
  • Confirm system relevance and exposure.

Attack Path

How an attacker could exploit the issue

An attacker can exploit this vulnerability by sending specially crafted requests to a Flowise instance that has not had its default session secret changed. This allows them to forge session cookies, bypass authentication, and impersonate any user.

  • No special access required.
  • Forge session cookies.
  • Impersonate any user.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an attacker to impersonate any user by forging session cookies when the system's default secret is used. This can occur if the `EXPRESS_SESSION_SECRET` environment variable is not configured, leaving the default secret exposed in the source code.

  • User authentication could be bypassed.
  • Attackers can forge session cookies.
  • Unauthorized access to user accounts.

Operational Fix

Recommended remediation, mitigation, and detection steps

The Flowise server team, potentially supported by infrastructure or platform teams, is responsible for addressing this critical authentication bypass vulnerability. The first practical step is to identify all Flowise instances, confirm their external reachability or business criticality, and then plan remediation.

  • Identify and confirm Flowise instances.
  • Verify external reachability and criticality.
  • Plan remediation based on risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is Flowise?

Flowise is a low-code software platform designed for building LLM applications and AI agents. It provides a web-based interface and API gateway that allows users to construct complex workflows, manage AI model interactions, and integrate generative AI capabilities into other web services or applications.

How does CVE-2026-56278 lead to session hijacking?

This vulnerability is classified as CWE-798, which involves the use of hardcoded credentials. In Flowise, the application uses a predictable, publicly known default secret to sign session cookies. Because the secret is visible in the source code, an attacker can create their own valid-looking cookies. This allows them to impersonate any user on the system and bypass the intended authentication mechanisms entirely.

When does this authentication bypass trigger?

The vulnerability triggers only when the system fails to override the default configuration. Specifically, it occurs when the EXPRESS_SESSION_SECRET environment variable is left unset in the server environment. If an administrator has explicitly set this environment variable to a custom, private value, the default hardcoded secret is not used, and the system is not vulnerable to this specific attack path.

Is my Flowise instance at risk?

According to Halo Surface Signal, Flowise is frequently deployed as a web-accessible service or API gateway to support external users or third-party integrations, which often makes its interface internet-facing. If your instance is reachable over the network and lacks a custom session secret, it is accessible to unauthorized actors. Assessing whether your deployment is exposed to the internet is a critical step in determining your immediate risk level.

What is the first step to secure my Flowise installation?

Your first priority is to locate all active Flowise deployments within your environment. Once identified, verify whether the EXPRESS_SESSION_SECRET environment variable is configured with a strong, unique, and private value. If this variable is missing or using the default, you must update the configuration immediately to replace the hardcoded secret and restart the service to invalidate any previously forged sessions.

References