{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/exploit-db/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Flowise (\u003c 3.0.5)"],"_cs_severities":["high"],"_cs_tags":["flowise","authentication bypass","web application","exploit-db"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eA critical vulnerability exists in Flowise, an open-source visual flow builder for AI automation, affecting versions prior to 3.0.5. This vulnerability, classified as a Missing Authentication for Critical Function, allows unauthenticated attackers to perform sensitive actions within the application. A public exploit (EDB-52557) demonstrating this vulnerability has been published on Exploit-DB, significantly increasing the risk to unpatched Flowise instances. The absence of authentication checks on critical functions could lead to unauthorized access, data manipulation, and complete compromise of the Flowise application and potentially the underlying system.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable Flowise instance running a version prior to 3.0.5.\u003c/li\u003e\n\u003cli\u003eAttacker sends a crafted HTTP request to a critical function endpoint lacking authentication, as detailed in the Exploit-DB entry.\u003c/li\u003e\n\u003cli\u003eThe vulnerable Flowise instance processes the request without verifying user identity.\u003c/li\u003e\n\u003cli\u003eAttacker leverages the missing authentication to bypass access controls.\u003c/li\u003e\n\u003cli\u003eAttacker executes privileged functions, potentially including reading/writing data.\u003c/li\u003e\n\u003cli\u003eAttacker modifies or deletes existing Flowise workflows.\u003c/li\u003e\n\u003cli\u003eAttacker injects malicious code into existing workflows.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves complete control over the Flowise instance, potentially leading to further lateral movement or data exfiltration.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows unauthenticated attackers to perform critical functions within Flowise. This can lead to unauthorized data access, modification, or deletion of sensitive workflows. An attacker could potentially inject malicious code into existing flows, leading to supply chain attacks or further compromise of connected systems. The availability of a public exploit makes exploitation easier, increasing the likelihood of attacks against vulnerable Flowise instances.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Flowise to version 3.0.5 or later to patch the missing authentication vulnerability.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rules below to your SIEM to detect exploitation attempts against Flowise.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious requests to Flowise endpoints, especially those targeting critical functions.\u003c/li\u003e\n\u003cli\u003eImplement strong network segmentation and access controls to limit the impact of a potential compromise.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-13T13:03:58Z","date_published":"2026-05-13T13:03:58Z","id":"https://feed.craftedsignal.io/briefs/2026-05-flowise-auth-bypass/","summary":"A missing authentication vulnerability in Flowise versions prior to 3.0.5 allows attackers to perform critical functions without authentication, and a working exploit is publicly available on Exploit-DB.","title":"Flowise \u003c 3.0.5 Missing Authentication Vulnerability Exploitable","url":"https://feed.craftedsignal.io/briefs/2026-05-flowise-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Exploit-Db","version":"https://jsonfeed.org/version/1.1"}