← volver
CVE-2025-71327

Flowise - Authentication Bypass via Unprotected Registration Endpoint

CVSS 9.3 CRITICALEPSS 0.5%CWE-306
Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API access without credentials.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Productos afectados
Flowise · Flowise

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-v5w9-prxf-w882https://www.vulncheck.com/advisories/flowise-authentication-bypass-via-unprotected-registration-endpoint