{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-8028","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-05-06T07:40:41.272Z","datePublished":"2026-05-06T14:15:10.891Z","dateUpdated":"2026-05-06T14:35:31.158Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-05-06T14:15:10.891Z"},"title":"FlowiseAI Flowise Endpoint account.service.ts verify information disclosure","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-200","lang":"en","description":"Information Disclosure"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-284","lang":"en","description":"Improper Access Controls"}]}],"affected":[{"vendor":"FlowiseAI","product":"Flowise","versions":[{"version":"3.0.0","status":"affected"},{"version":"3.0.1","status":"affected"},{"version":"3.0.2","status":"affected"},{"version":"3.0.3","status":"affected"},{"version":"3.0.4","status":"affected"},{"version":"3.0.5","status":"affected"},{"version":"3.0.6","status":"affected"},{"version":"3.0.7","status":"affected"},{"version":"3.0.8","status":"affected"},{"version":"3.0.9","status":"affected"},{"version":"3.0.10","status":"affected"},{"version":"3.0.11","status":"affected"},{"version":"3.0.12","status":"affected"}],"cpes":["cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*"],"modules":["Endpoint"]}],"descriptions":[{"lang":"en","value":"A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit is now public and may be used. Upgrading the affected component is recommended."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.3,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":3.7,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.7,"vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":2.6,"vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C"}}],"timeline":[{"time":"2026-05-06T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-05-06T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-05-06T09:45:52.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Eric-a (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/vuln/361276","name":"VDB-361276 | FlowiseAI Flowise Endpoint account.service.ts verify information disclosure","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/vuln/361276/cti","name":"VDB-361276 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/submit/777659","name":"Submit #777659 | FlowiseAI Flowise <= 3.0.12 Exposure of Sensitive Information (CWE-200)","tags":["third-party-advisory"]},{"url":"https://gist.github.com/YLChen-007/1d52497b0221835f99367be61612746b","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-05-06T14:35:22.031829Z","id":"CVE-2026-8028","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-05-06T14:35:31.158Z"}}]}}