CVE-2026-56276 is a medium-severity vulnerability in Flowise, a platform that allows users to create and manage AI workflows. The vulnerability exists in the PUT /api/v1/user endpoint and enables authenticated users to modify the credential field without validation, potentially allowing attackers to bypass password change verification and session invalidation. This could lead to persistent account access [truncated]
CVE-2024-58351 is a critical vulnerability in Flowise, which allows configuration to be injected into the Chainflow during execution via the overrideConfig option. This feature is enabled by default with no allow-list of permitted variables and relies on vm2 for sandboxing. An attacker can exploit this to achieve remote code execution, denial of service, server-side request forgery, prompt injection, [truncated]