Flowise contains an authentication bypass vulnerability...
Critical severity
Unreviewed
Published
Jun 26, 2026
to the GitHub Advisory Database
•
Updated Jun 26, 2026
Description
Published by the National Vulnerability Database
Jun 25, 2026
Published to the GitHub Advisory Database
Jun 26, 2026
Last updated
Jun 26, 2026
Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API access without credentials.
References