CVE-2026-41266
Flowise: Sensitive Data Leak in public-chatbotConfig
Description
### Summary

The `/api/v1/public-chatbotConfig/:id` endpoint exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker who knows only a chatflow UUID can retrieve credentials stored in password type fields and HTTP headers, leading to credential theft and more.

### Details

Knowledge of a chatflow UUID is the only prerequisite, and it can be obtained from embedded chat widgets, referrer headers or logs. The `getSinglePublicChatbotConfig` function in `packages/server/src/services/chatflows/index.ts` returns the full **flowData** object without an authorization check or data sanitization. A code comment there reads **"Safe as public endpoint as chatbotConfig doesn't contain sensitive credential"**, but **flowData** does contain sensitive data such as:

- `type: 'password'` fields, which are stored in plaintext (unstructuredAPIKey in the S3File node).
- HTTP Authorization headers in POST / GET Requests nodes.
- Internal API endpoints and webhook URLs.

### PoC

- Add an S3 File node, set "File Processing Method" to "Unstructured".
- Enter an API key in the "Unstructured API KEY" field or add a Requests Post node with an Authorization header.
- Save the chatflow.

```
curl -s "https://localhost/api/v1/public-chatbotConfig/{CHATFLOW_UUID}"
```

Response:

```
{ "flowData": "{...\"unstructuredAPIKey\":\"victim_key\"...\"requestsPostHeaders\":\"Bearer victim_token\"...}" }
```

### Impact

Affects all Flowise Cloud users with chatflows containing password type fields or any HTTP headers, as well as self-hosted Flowise instances exposed to the internet.
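To find which saved chatflows hold values this endpoint would have returned, the following added example (not Flowise's own code) walks a `flowData` string and lists non-empty `type: 'password'` inputs and header inputs that carry authorization values. The `nodes[].data.inputParams` / `nodes[].data.inputs` layout and the name `findExposedSecrets` are assumptions, and the sample input is constructed from the PoC response.

```typescript
// Added example (not Flowise code). Assumed flowData layout:
//   { nodes: [{ id, data: { name, inputParams: [{ name, type }], inputs: {...} } }] }
interface Finding { nodeId: string; node: string; field: string; reason: string }

const HEADER_FIELD = /headers$/i;                          // e.g. requestsPostHeaders
const AUTH_VALUE = /authorization|\b(bearer|basic)\s+\S/i; // credential-looking content

// List every non-empty input that the unauthenticated endpoint would have returned.
function findExposedSecrets(flowData: string): Finding[] {
  const findings: Finding[] = [];
  let flow: any;
  try { flow = JSON.parse(flowData); } catch (e) { return findings; } // not JSON: nothing to report
  const nodes: any[] = Array.isArray(flow && flow.nodes) ? flow.nodes : [];
  for (const node of nodes) {
    const data: any = (node && node.data) || {};
    const inputs: any = data.inputs || {};
    const params: any[] = Array.isArray(data.inputParams) ? data.inputParams : [];
    const passwordFields: string[] = params
      .filter((p: any) => p && p.type === 'password')
      .map((p: any) => String(p.name));
    for (const field of Object.keys(inputs)) {
      const value = inputs[field];
      if (value === '' || value === null || value === undefined) continue; // unset input
      const text: string = typeof value === 'string' ? value : JSON.stringify(value);
      let reason = '';
      if (passwordFields.indexOf(field) !== -1) reason = "type 'password' field";
      else if (HEADER_FIELD.test(field) && AUTH_VALUE.test(text)) reason = 'authorization header';
      // Report field names only, never the secret value itself.
      if (reason) findings.push({ nodeId: String(node.id), node: String(data.name), field, reason });
    }
  }
  return findings;
}

// Constructed sample modelled on the PoC response above.
const sampleFlowData: string = JSON.stringify({ nodes: [
  { id: 's3File_0', data: { name: 's3File',
      inputParams: [{ name: 'unstructuredAPIKey', type: 'password' },
                    { name: 'bucketName', type: 'string' }],
      inputs: { unstructuredAPIKey: 'victim_key', bucketName: 'docs' } } },
  { id: 'requestsPost_0', data: { name: 'requestsPost',
      inputParams: [{ name: 'requestsPostHeaders', type: 'json' }],
      inputs: { requestsPostHeaders: '{"Authorization":"Bearer victim_token"}' } } },
]});

console.log(findExposedSecrets(sampleFlowData));
```

Any field it reports on a chatflow that was reachable before the upgrade is a candidate for credential rotation.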
How to fix CVE-2026-41266
To remediate CVE-2026-41266, upgrade the affected package to a fixed version below.
- —upgrade to 3.1.0 or later
Is CVE-2026-41266 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.1.0