Summary
ZDI-CAN-28762: Flowise AccountService resetPassword Authentication Bypass Vulnerability
-- ABSTRACT -------------------------------------
Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products:
Flowise - Flowise
-- VULNERABILITY DETAILS ------------------------
- Version tested: 3.0.12
- Installer file: hxxps://github.com/FlowiseAI/Flowise
- Platform tested: NA
Analysis
This vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the resetPassword method of the AccountService class. The issue results from improper implementation of the authentication mechanism. An attacker can leverage this vulnerability to change user's passwords and bypass authentication on the system.
Product information
FlowiseAI Flowise version 3.0.12 (hxxps://github.com/FlowiseAI/Flowise)
Setup Instructions
npm install [email protected]
npx flowise start
Root Cause Analysis
FlowiseAI Flowise is an open source low-code tool for developers to build customized large language model (LLM) applications and AI agents. It supports integration with various LLMs, data sources, and tools in order to facilitate rapid development and deployment of AI solutions. Flowise offers a web interface with a drag-and-drop editor, as well as an API, through an Express web server accessible over HTTP on port 3000/TCP.
Flowise allows users to reset forgotten passwords using a token emailed to the email address associated with their account. A token is sent to the user's email when a request is made to the "/api/v1/account/forgot-password" endpoint. Users will submit this token along with their new password to the "/api/v1/account/reset-password" endpoint, and if it is submitted within sufficient time (15 minutes by default, or the value of the PASSWORD_RESET_TOKEN_EXPIRY_IN_MINUTES environment variable) the user will be able to change their password.
The resetPassword() method of the AccountService class is responsible for handling such requests. This method will first retrieve the account information of the user based on their email address, which includes the value of the reset token. The method will then check if the reset token provided matches the one stored in the user's account, and that the token hasn't expired, before changing that users password.
However, there is no check performed to ensure that a password reset token has actually been generated for a user account. By default the value of the reset token stored in a users account is null, or an empty string if they've reset their password before. An attacker with knowledge of the user's email address can submit a request to the "/api/v1/account/reset-password" endpoint containing a null or empty string reset token value and reset that user's password to a value of their choosing. The null or empty string reset token value will allow the attacker to pass the reset token check, and they only have to worry about passing the expiry time check. By default the expiry time stored in the account of a user that has never generated a reset token before is equal to the time of their accounts creation plus 15 minutes (or the value of the PASSWORD_RESET_TOKEN_EXPIRY_IN_MINUTES environment variable).
This means that an attacker with knowledge of a recently created user account's email can change the user's password and use the changed password to bypass authentication.
comments documenting the issue have been added to the following code snippet. Added comments are prepended with "!!!".
From packages/server/src/enterprise/services/account.service.ts
public async resetPassword(data: AccountDTO) {
data = this.initializeAccountDTO(data)
const queryRunner = this.dataSource.createQueryRunner()
await queryRunner.connect()
try {
const user = await this.userService.readUserByEmail(data.user.email, queryRunner) //!!! retrieve stored user info by email address
if (!user) throw new InternalFlowiseError(StatusCodes.NOT_FOUND, UserErrorMessage.USER_NOT_FOUND)
//!!!user.tempToken is null or empty string, unless a user has requested a reset token and not used it
if (user.tempToken !== data.user.tempToken) //!!! check if the stored token (null by default) matches the provided token
throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, UserErrorMessage.INVALID_TEMP_TOKEN)
const tokenExpiry = user.tokenExpiry
const now = moment()
const expiryInMins = process.env.PASSWORD_RESET_TOKEN_EXPIRY_IN_MINUTES
? parseInt(process.env.PASSWORD_RESET_TOKEN_EXPIRY_IN_MINUTES)
: 15
const diff = now.diff(tokenExpiry, 'minutes') //!!! check if token is expired
if (Math.abs(diff) > expiryInMins) throw new InternalFlowiseError(StatusCodes.BAD_REQUEST, UserErrorMessage.EXPIRED_TEMP_TOKEN)
// all checks are done, now update the user password, don't forget to hash it and do not forget to clear the temp token
// leave the user status and other details as is
//!!! hash and update the user's password since checks passed
const salt = bcrypt.genSaltSync(parseInt(process.env.PASSWORD_SALT_HASH_ROUNDS || '5'))
// @ts-ignore
const hash = bcrypt.hashSync(data.user.password, salt)
data.user = user
data.user.credential = hash
data.user.tempToken = '' //!!! stored Token value is set to empty string which can also be used by an attacker to bypass the token check
data.user.tokenExpiry = undefined
data.user.status = UserStatus.ACTIVE
await queryRunner.startTransaction()
data.user = await this.userService.saveUser(data.user, queryRunner) //!!! save changes to user account
await queryRunner.commitTransaction()
// Invalidate all sessions for this user after password reset
await destroyAllSessionsForUser(user.id as string)
} catch (error) {
await queryRunner.rollbackTransaction()
throw error
} finally {
await queryRunner.release()
}
return sanitizeUser(data.user)
}
Proof of Concept
A proof of concept for this vulnerability is provided in ./poc.py. It expects the following syntax:
python3 poc.py --user <USER> --host <HOST> [--port <PORT>]
Where USER is the email address of a user on the server, HOST is the ip address of the vulnerable server, and PORT is the port the vulnerable server is listening on (default: 3000). Options inclosed in square brackets are optional.
In order for this proof of concept to be successful, the user specified as the USER argument must have created their account within the last 15 minutes (or within PASSWORD_RESET_TOKEN_EXPIRY_IN_MINUTES minutes)
By default, the poc will first send a POST request to the "/api/v1/account/reset-password" endpoint of the target server containing a JSON body with a null reset token and the password "TMSR1234!" for the user specified by the USER argument. If the request doesn't successfully change the user's password, the same request will be sent again with the reset token value set to the empty string. Upon successful exploitation, the user's password will be changed to "TMSR1234!".
The provided proof of concept was tested using FlowiseAI Flowise version 3.0.12 runing on a Ubuntu 24.04 VM.
-- CREDIT ---------------------------------------
This vulnerability was discovered by:
Nicholas Zubrisky (@NZubrisky) of TrendAI Research of Trend Micro
Impact
The application does not adequately verify the identity of a user, device, or process before granting access. Typical impact: unauthorized access to functions or data reserved for authenticated parties.
CVE-2026-41276 has a CVSS score of 9.8 (High). The vector is network-reachable, no privileges required, and no user interaction. A CVSS score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether this affects your application depends on whether the vulnerable code is present and reachable in your environment. A fixed version is available (3.1.0); upgrading removes the vulnerable code path.
Affected versions
Security releases
Kodem intelligence
Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.
Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.
Remediation advice
Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.
Frequently Asked Questions
- What is CVE-2026-41276? CVE-2026-41276 is a high-severity improper authentication vulnerability in flowise (npm), affecting versions <= 3.0.13. It is fixed in 3.1.0. The application does not adequately verify the identity of a user, device, or process before granting access.
- How severe is CVE-2026-41276? CVE-2026-41276 has a CVSS score of 9.8 (High). This score reflects the worst-case severity of the vulnerability, not your specific exposure. Whether it represents real risk in your environment depends on whether the vulnerable code is present and reachable.
- Which versions of flowise are affected by CVE-2026-41276? flowise (npm) versions <= 3.0.13 is affected.
- Is there a fix for CVE-2026-41276? Yes. CVE-2026-41276 is fixed in 3.1.0. Upgrade to this version or later.
- Is CVE-2026-41276 exploitable, and should I be worried? Whether CVE-2026-41276 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk. Get a demo
- What actually determines whether CVE-2026-41276 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
- How do I fix CVE-2026-41276? Upgrade
flowiseto 3.1.0 or later.