{"api_version":"1","generated_at":"2026-05-13T08:50:31+00:00","cve":"CVE-2026-8028","urls":{"html":"https://cve.report/CVE-2026-8028","api":"https://cve.report/api/cve/CVE-2026-8028.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-8028","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-8028"},"summary":{"title":"FlowiseAI Flowise Endpoint account.service.ts verify information disclosure","description":"A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit is now public and may be used. Upgrading the affected component is recommended.","state":"PUBLISHED","assigner":"VulDB","published_at":"2026-05-06 15:16:13","updated_at":"2026-05-07 14:47:19"},"problem_types":["CWE-200","CWE-284","NVD-CWE-noinfo","CWE-200 Information Disclosure","CWE-284 Improper Access Controls"],"metrics":[{"version":"4.0","source":"cna@vuldb.com","type":"Secondary","score":"2.9","severity":"LOW","vector":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","data":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}},{"version":"4.0","source":"CNA","type":"DECLARED","score":"6.3","severity":"MEDIUM","vector":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","data":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"version":"3.1","source":"cna@vuldb.com","type":"Primary","score":"3.7","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"DECLARED","score":"3.7","severity":"LOW","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C","data":{"baseScore":3.7,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C","version":"3.1"}},{"version":"3.0","source":"CNA","type":"DECLARED","score":"3.7","severity":"LOW","vector":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C","data":{"baseScore":3.7,"baseSeverity":"LOW","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C","version":"3.0"}},{"version":"2.0","source":"cna@vuldb.com","type":"Secondary","score":"2.6","severity":"","vector":"AV:N/AC:H/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"2.0","source":"CNA","type":"DECLARED","score":"2.6","severity":"","vector":"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C","data":{"baseScore":2.6,"vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C","version":"2.0"}}],"references":[{"url":"https://vuldb.com/vuln/361276","name":"https://vuldb.com/vuln/361276","refsource":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/submit/777659","name":"https://vuldb.com/submit/777659","refsource":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://gist.github.com/YLChen-007/1d52497b0221835f99367be61612746b","name":"https://gist.github.com/YLChen-007/1d52497b0221835f99367be61612746b","refsource":"cna@vuldb.com","tags":["Exploit","Third Party Advisory"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://vuldb.com/vuln/361276/cti","name":"https://vuldb.com/vuln/361276/cti","refsource":"cna@vuldb.com","tags":["Permissions Required","VDB Entry"],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-8028","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-8028","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"FlowiseAI","product":"Flowise","version":"affected 3.0.0","platforms":[]},{"source":"CNA","vendor":"FlowiseAI","product":"Flowise","version":"affected 3.0.1","platforms":[]},{"source":"CNA","vendor":"FlowiseAI","product":"Flowise","version":"affected 3.0.2","platforms":[]},{"source":"CNA","vendor":"FlowiseAI","product":"Flowise","version":"affected 3.0.3","platforms":[]},{"source":"CNA","vendor":"FlowiseAI","product":"Flowise","version":"affected 3.0.4","platforms":[]},{"source":"CNA","vendor":"FlowiseAI","product":"Flowise","version":"affected 3.0.5","platforms":[]},{"source":"CNA","vendor":"FlowiseAI","product":"Flowise","version":"affected 3.0.6","platforms":[]},{"source":"CNA","vendor":"FlowiseAI","product":"Flowise","version":"affected 3.0.7","platforms":[]},{"source":"CNA","vendor":"FlowiseAI","product":"Flowise","version":"affected 3.0.8","platforms":[]},{"source":"CNA","vendor":"FlowiseAI","product":"Flowise","version":"affected 3.0.9","platforms":[]},{"source":"CNA","vendor":"FlowiseAI","product":"Flowise","version":"affected 3.0.10","platforms":[]},{"source":"CNA","vendor":"FlowiseAI","product":"Flowise","version":"affected 3.0.11","platforms":[]},{"source":"CNA","vendor":"FlowiseAI","product":"Flowise","version":"affected 3.0.12","platforms":[]}],"timeline":[{"source":"CNA","time":"2026-05-06T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"source":"CNA","time":"2026-05-06T02:00:00.000Z","lang":"en","value":"VulDB entry created"},{"source":"CNA","time":"2026-05-06T09:45:52.000Z","lang":"en","value":"VulDB entry last update"}],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"Eric-a (VulDB User)","lang":"en"}],"nvd_cpes":[{"cve_year":"2026","cve_id":"8028","vulnerable":"1","versionEndIncluding":"3.0.12","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"flowiseai","cpe5":"flowise","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2026","cve_id":"8028","cve":"CVE-2026-8028","epss":"0.000320000","percentile":"0.095680000","score_date":"2026-05-12","updated_at":"2026-05-13 00:11:54"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2026-8028","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-05-06T14:35:22.031829Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-05-06T14:35:31.158Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"cpes":["cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*"],"modules":["Endpoint"],"product":"Flowise","vendor":"FlowiseAI","versions":[{"status":"affected","version":"3.0.0"},{"status":"affected","version":"3.0.1"},{"status":"affected","version":"3.0.2"},{"status":"affected","version":"3.0.3"},{"status":"affected","version":"3.0.4"},{"status":"affected","version":"3.0.5"},{"status":"affected","version":"3.0.6"},{"status":"affected","version":"3.0.7"},{"status":"affected","version":"3.0.8"},{"status":"affected","version":"3.0.9"},{"status":"affected","version":"3.0.10"},{"status":"affected","version":"3.0.11"},{"status":"affected","version":"3.0.12"}]}],"credits":[{"lang":"en","type":"reporter","value":"Eric-a (VulDB User)"}],"descriptions":[{"lang":"en","value":"A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit is now public and may be used. Upgrading the affected component is recommended."}],"metrics":[{"cvssV4_0":{"baseScore":6.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","version":"4.0"}},{"cvssV3_1":{"baseScore":3.7,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C","version":"3.1"}},{"cvssV3_0":{"baseScore":3.7,"baseSeverity":"LOW","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C","version":"3.0"}},{"cvssV2_0":{"baseScore":2.6,"vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C","version":"2.0"}}],"problemTypes":[{"descriptions":[{"cweId":"CWE-200","description":"Information Disclosure","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-284","description":"Improper Access Controls","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-06T14:15:10.891Z","orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB"},"references":[{"name":"VDB-361276 | FlowiseAI Flowise Endpoint account.service.ts verify information disclosure","tags":["vdb-entry","technical-description"],"url":"https://vuldb.com/vuln/361276"},{"name":"VDB-361276 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"],"url":"https://vuldb.com/vuln/361276/cti"},{"name":"Submit #777659 | FlowiseAI Flowise <= 3.0.12 Exposure of Sensitive Information (CWE-200)","tags":["third-party-advisory"],"url":"https://vuldb.com/submit/777659"},{"tags":["exploit"],"url":"https://gist.github.com/YLChen-007/1d52497b0221835f99367be61612746b"}],"timeline":[{"lang":"en","time":"2026-05-06T00:00:00.000Z","value":"Advisory disclosed"},{"lang":"en","time":"2026-05-06T02:00:00.000Z","value":"VulDB entry created"},{"lang":"en","time":"2026-05-06T09:45:52.000Z","value":"VulDB entry last update"}],"title":"FlowiseAI Flowise Endpoint account.service.ts verify information disclosure"}},"cveMetadata":{"assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","assignerShortName":"VulDB","cveId":"CVE-2026-8028","datePublished":"2026-05-06T14:15:10.891Z","dateReserved":"2026-05-06T07:40:41.272Z","dateUpdated":"2026-05-06T14:35:31.158Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-06 15:16:13","lastModifiedDate":"2026-05-07 14:47:19","problem_types":["CWE-200","CWE-284","NVD-CWE-noinfo","CWE-200 Information Disclosure","CWE-284 Improper Access Controls"],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.9,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":3.7,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":1.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N","baseScore":2.6,"accessVector":"NETWORK","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":4.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*","versionEndIncluding":"3.0.12","matchCriteriaId":"2814BF9D-05F5-48AC-AA29-250D429CFCFF"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"8028","Ordinal":"1","Title":"FlowiseAI Flowise Endpoint account.service.ts verify information","CVE":"CVE-2026-8028","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"8028","Ordinal":"1","NoteData":"A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit is now public and may be used. Upgrading the affected component is recommended.","Type":"Description","Title":"FlowiseAI Flowise Endpoint account.service.ts verify information"}]}}}