Skip to main content
COSMICBYTEZLABS
NewsSecurityHOWTOsToolsTraining
StudyProjectsNewsletterHire MeAbout
Subscribe

Press Enter to search or Esc to close

News
Security
HOWTOs
Tools
Training
Study
Projects
Newsletter
Hire Me
About
RSS Feed
Reading List
Subscribe

Stay in the Loop

Get the latest security alerts, tutorials, and tech insights delivered to your inbox.

Subscribe NowFree forever. No spam.
COSMICBYTEZLABS

Your trusted source for IT intelligence, cybersecurity insights, and hands-on technical guides.

1794+ Articles
149+ Guides

CONTENT

  • Latest News
  • Security Alerts
  • HOWTOs
  • Checklists
  • Projects
  • Exam Prep

RESOURCES

  • Search
  • Browse Tags
  • Newsletter Archive
  • Reading List
  • RSS Feed

COMPANY

  • About Us
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CosmicBytez Labs. All rights reserved.

System Status: Operational
  1. Home
  2. Security
  3. CVE-2025-71327: Flowise Authentication Bypass Grants Full API Access
CVE-2025-71327: Flowise Authentication Bypass Grants Full API Access

Critical Security Alert

This vulnerability is actively being exploited. Immediate action is recommended.

SECURITYCRITICALCVE-2025-71327

CVE-2025-71327: Flowise Authentication Bypass Grants Full API Access

A critical authentication bypass in Flowise allows unauthenticated attackers to register accounts via an unprotected API endpoint and gain full platform...

Dylan H.

Security Team

June 26, 2026
5 min read

Affected Products

  • Flowise — unpatched versions with authentication enabled

Executive Summary

CVE-2025-71327 is a critical authentication bypass vulnerability (CVSS 9.1) in Flowise, the open-source platform for building LLM-powered workflows and chatbots. The /api/v1/account/register endpoint is left completely unprotected, allowing unauthenticated remote attackers to register arbitrary user accounts and gain full API access to the Flowise instance — including access to credentials, AI models, workflows, and data pipelines.

AttributeValue
CVE IDCVE-2025-71327
CVSS Score9.1 (Critical)
TypeAuthentication Bypass
Component/api/v1/account/register endpoint
Attack VectorNetwork
AuthenticationNone required
User InteractionNone
PublishedJune 25, 2026

Vulnerability Details

Root Cause

Flowise implements authentication middleware to protect its API routes. However, the /api/v1/account/register endpoint was not included in the protected route set. An unauthenticated attacker can send a POST request to this endpoint to create an arbitrary user account:

POST /api/v1/account/register HTTP/1.1
Host: flowise.target.com
Content-Type: application/json
 
{
  "username": "attacker",
  "password": "AttackerPass123!",
  "email": "attacker@evil.com"
}

Once registered, the attacker authenticates normally and gains complete access to the Flowise API — equivalent to a legitimate administrator or user depending on the role assigned at registration.

What Attackers Can Access

After bypassing authentication, a threat actor gains access to everything a legitimate Flowise user can reach:

ResourceRisk
Stored credentialsAPI keys for OpenAI, Anthropic, Azure, AWS, databases
LLM workflowsRead, modify, or delete AI chatflow configurations
Vector storesAccess embedded knowledge bases and documents
Tool integrationsInvoke configured tools (webhooks, APIs, code execution)
Chat historyAccess all conversation logs and user data
Custom toolsExecute arbitrary JavaScript via configured code nodes

Severity Amplification: AI Platform Context

The severity is compounded by Flowise's role as an AI orchestration platform. A compromised Flowise instance can expose:

  • LLM API keys — Anthropic, OpenAI, Azure credentials stored in the credential vault
  • Prompt injection vectors — Modify system prompts in production chatbots
  • Data pipeline access — Documents, PDFs, and databases loaded into vector stores
  • Webhook endpoints — Trigger external API calls and automations

Affected Versions

All Flowise versions where authentication is enabled but the registration endpoint bypass is unpatched are affected. Self-hosted Flowise deployments configured with user authentication are the primary risk surface. Cloud-hosted instances (e.g., Flowise Cloud) should be verified with the vendor.

Check your Flowise version:

# Check Flowise version
docker exec <flowise-container> npm list flowise 2>/dev/null | grep flowise
 
# Or check the package.json inside the container
docker exec <flowise-container> cat /usr/src/packages/server/package.json | grep '"version"'

Immediate Remediation

Patch

  1. Update Flowise immediately to the latest patched release via the official GitHub repository or Docker Hub
  2. Restart the Flowise service after applying the update
  3. Audit registered accounts — check for unknown accounts created before patching
# Pull latest patched Flowise Docker image
docker pull flowiseai/flowise:latest
docker-compose up -d --force-recreate flowise

Interim Mitigation (If Patching Is Delayed)

Block the registration endpoint via reverse proxy while preparing the patch:

# Nginx — block unauthenticated access to registration endpoint
location /api/v1/account/register {
    # Allow only internal networks or trusted IPs
    allow 10.0.0.0/8;
    deny all;
}
# Or disable registration entirely in Flowise environment config
FLOWISE_DISABLE_REGISTRATION=true

Post-Patch Audit

  1. Review all registered user accounts for unexpected entries
  2. Rotate all API keys stored in the Flowise credential vault (OpenAI, Anthropic, database credentials, webhooks)
  3. Review LLM workflow configurations for unauthorized modifications
  4. Check chat history logs for attacker reconnaissance activity
  5. Audit external tool integrations for unauthorized webhook calls

Detection

Signs of Active Exploitation

IndicatorDescription
POST /api/v1/account/register in logsRegistration attempt — check timing vs. legitimate usage
Accounts created outside business hoursAttacker-created accounts
Unexpected API key usage spikesStolen credentials being used
Modified chatflow system promptsPrompt injection or workflow tampering
Unusual tool invocationsAttacker executing code or calling external services

Log Query

# Search Flowise logs for registration endpoint hits
docker logs flowise 2>&1 | grep "account/register"
 
# Or check nginx/traefik access logs
grep "POST /api/v1/account/register" /var/log/nginx/access.log

Why This Matters for AI Infrastructure

Flowise is widely deployed for building internal AI assistants, customer-facing chatbots, and LLM-powered automation pipelines. A compromise of a Flowise instance represents a multi-vector attack surface:

  1. Credential harvest — All stored API keys and service credentials are exposed
  2. Supply chain risk — Modified chatbots can be weaponized to attack end users
  3. Data exfiltration — Vector store contents (embedded documents, knowledge bases) can be extracted
  4. Lateral movement — Tool integrations may expose internal network services

Organizations building AI workflows on Flowise should treat this as a priority patch — the unprotected registration endpoint is trivially exploitable with a single HTTP request.


Key Takeaways

  1. CVSS 9.1 Critical — No authentication required to register accounts and gain full API access
  2. Single HTTP request exploit — Trivial to exploit with no tooling required
  3. AI credential exposure — LLM API keys (OpenAI, Anthropic, Azure) stored in credential vault are at risk
  4. Patch immediately — Update to the latest Flowise release and restart
  5. Rotate all credentials stored in Flowise after patching, regardless of confirmed exploitation

References

  • NVD — CVE-2025-71327
  • Flowise GitHub Repository
  • Flowise Docker Hub
  • OWASP — Broken Access Control (A01)
#CVE-2025-71327#Flowise#Authentication Bypass#API Security#LLM Security#AI Platform#NVD

Related Articles

CVE-2026-14198: Fastify Middie Middleware Path Bypass (CVSS 9.1)

Critical path bypass vulnerability in @fastify/middie versions 9.1.0 through 9.3.2 allows attackers to evade middleware protection by exploiting a %2F...

5 min read

CVE-2026-41005: Cloud Foundry UAA SAML Signature Bypass

A high-severity vulnerability (CVSS 9.0) in Cloud Foundry UAA allows attackers to bypass authentication by exploiting the incorrect treatment of XML...

5 min read

CVE-2026-4035: MLflow AI Gateway Credential Exfiltration via Env Variable Resolution

A CVSS 9.1 critical flaw in MLflow AI Gateway allows server-side environment variables in api_key fields to be resolved and exfiltrated to attacker-controlled…

6 min read
Back to all Security Alerts