Vulnerability Description
A weakness has been identified in FlowiseAI Flowise up to 3.0.12. The vulnerability affects an unknown functionality of the User Controller Handler component. Manipulating the argument userId/organizationId/workspaceId/email leads to an authorization bypass. The attack can be initiated remotely. The affected component should be upgraded.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flowiseai | Flowise | <= 3.0.12 |
References
- https://gist.github.com/YLChen-007/3584e6ffa0bba6367328ecf0b46b0e4b (Exploit, Third Party Advisory)
- https://vuldb.com/submit/777657 (Third Party Advisory, VDB Entry)
- https://vuldb.com/vuln/361274 (Third Party Advisory, VDB Entry)
- https://vuldb.com/vuln/361274/cti (Permissions Required, VDB Entry)
FAQ
What is CVE-2026-8027?
CVE-2026-8027 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument...
How severe is CVE-2026-8027?
CVE-2026-8027 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2026-8027?
Check the references section above for vendor advisories and patch information. Affected products include: Flowiseai Flowise.