Flowise IDOR via SSO Config before 3.0.13 leads to Account Takeover
CVE-2026-30823 Published on March 7, 2026
Flowise: IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature bypass via SSO configuration. This issue has been patched in version 3.0.13.
Weakness Types
What is an Insecure Direct Object Reference / IDOR Vulnerability?
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CVE-2026-30823 has been classified as an Insecure Direct Object Reference / IDOR vulnerability or weakness.
What is an AuthZ Vulnerability?
The software does not perform an authorization check when an actor attempts to access a resource or perform an action.
CVE-2026-30823 has been classified as an AuthZ vulnerability or weakness.
Products Associated with CVE-2026-30823
Affected Versions
FlowiseAI Flowise Version < 3.0.13 is affected by CVE-2026-30823
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.