A critical authenticated vulnerability has been identified in Flowise Cloud, a platform for building customized large language model flows. This flaw allows any authenticated user to potentially access or manipulate data and resources belonging to other users or tenants on the platform, posing a severe risk of data breaches, intellectual property theft, and unauthorized system modifications. Due to the critical severity rating, immediate remediation is required to prevent compromise.

This is a critical Broken Access Control vulnerability within the Flowise Cloud multi-tenant architecture. An authenticated attacker with low-level privileges can exploit this flaw by manipulating API requests or internal identifiers to bypass authorization checks. This allows the attacker to read, modify, or delete resources—such as LLM flows, data sources, or API keys—belonging to other tenants on the same cloud platform, leading to a complete compromise of confidentiality and integrity for affected accounts.

This vulnerability is rated as critical severity with a CVSS score of 9.6, indicating a high potential for significant business disruption. Successful exploitation could lead to a multi-tenant data breach, exposing sensitive corporate data, customer information, and proprietary AI models processed by the LLM flows. The potential consequences include severe reputational damage, loss of customer trust, direct financial loss, and potential regulatory fines under data protection laws like GDPR. The ability for one compromised account to impact others creates a systemic risk to all organizations using the affected cloud service.

Immediate Action: Immediately update all instances of Flowise is a drag Multiple Products to the latest version as recommended by the vendor to patch the vulnerability. Following the update, conduct a thorough review of all access logs, focusing on the time period before the patch was applied, to identify any signs of unauthorized access or suspicious activity.

Proactive Monitoring: Implement enhanced logging and alerting to detect potential exploitation attempts. Monitor for API calls where a user attempts to access resources (e.g., flow IDs, user profiles, data connections) that do not correspond to their own tenant ID. Establish alerts for high volumes of "access denied" errors, which could indicate an attacker is probing for this vulnerability by enumerating identifiers.

Compensating Controls: If immediate patching is not feasible, implement a Web Application Firewall (WAF) with strict rules to block requests that attempt to traverse directories or access resources outside of a user's validated session scope. Enforce strict session-to-tenant ID mapping at the network gateway or load balancer level to ensure all requests are validated against the correct tenant context before reaching the application. Restrict access to the platform to only trusted IP ranges as a temporary containment measure.

Public Exploit Available: false

This vulnerability represents a critical and immediate threat to the organization. Due to the CVSS score of 9.6, the highest priority must be given to applying the vendor-supplied patch across all affected systems without delay. Although this CVE is not currently listed on the CISA KEV catalog, its severity makes it a likely candidate for future inclusion. Organizations must act on the assumption that this vulnerability will be actively exploited and should immediately execute the remediation plan and verify system integrity.