GHSA-7G73-99R4-M4MJ: GHSA-7G73-99R4-M4MJ: Credential Data Leak in FlowiseAI API Responses

1 / 2

GHSA-7G73-99R4-M4MJ: GHSA-7G73-99R4-M4MJ: Credential Data Leak in FlowiseAI API Responses

DEV Community·CVE Reports·18 days ago

#rDpwdXg9

#officialreleasenotes #security #cve #cybersecurity #flowise #flowiseai

Reading 0:00

15s threshold

GHSA-7G73-99R4-M4MJ: Credential Data Leak in FlowiseAI API Responses Vulnerability ID: GHSA-7G73-99R4-M4MJ CVSS Score: 7.5 Published: 2026-05-14 FlowiseAI versions prior to 3.1.2 suffer from a CWE-200 Information Exposure vulnerability. The application's credential management API inadvertently returns the encryptedData field containing ciphertext for sensitive integrations in its JSON responses. TL;DR An API serialization flaw in FlowiseAI < 3.1.2 leaks encrypted credentials in JSON responses. Attackers can harvest this ciphertext, facilitating complete credential compromise if the master encryption key is separately obtained.…

Continue reading — create a free account

Join HashtagPLUS to read full articles, follow hashtags, vote, and join the conversation.

Create free account Log in

Menu

GHSA-7G73-99R4-M4MJ: GHSA-7G73-99R4-M4MJ: Credential Data Leak in FlowiseAI API Responses