LeakyCreds

CVE-2026-30823 - Vulnerability Analysis

High | CVSS: 8.8

Last Updated: March 9, 2026

Flowise - Insecure Direct Object Reference

Published: March 7, 2026 | Updated: March 9, 2026 | Remote Exploitable

Overview

Flowise versions before 3.0.13 contain an insecure direct object reference (IDOR) vulnerability caused by improper access control in the SSO configuration. It lets attackers take over accounts and bypass enterprise feature restrictions. Exploitation requires user authentication.

Severity & Score

Severity: High
CVSS Score: 8.8
EPSS Score: 1.6% (probability of exploitation in the next 30 days)

Impact

Attackers can take over user accounts and bypass enterprise feature restrictions, leading to unauthorized access and privilege escalation.

Mitigation

Update to version 3.0.13 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 7, 2026

🟠 CVE-2026-30823 - High (8.8) Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature bypass via SSO configuration. This issue has been ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-30823/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-30823
Severity: High
CVSS Score: 8.8
Type: broken_access_control
Status: unconfirmed
EPSS: 1.6%
Social Posts: 1

CWE

  • CWE-639

CVSS Metrics

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

1.6% (probability of exploitation in the next 30 days)