CVE-2026-30822: Flowise: mass assignment allows unauthenticated DB injection

Flowise, a widely deployed drag-and-drop LLM agent builder, contains a mass assignment flaw (CWE-915) that allows any unauthenticated user to inject arbitrary values into internal database fields through the lead creation endpoint — no credentials required. A public proof-of-concept already exists, and this package carries a history of 16 prior CVEs, signaling a pattern of insufficient input validation in a platform that often holds API keys, agent configurations, and sensitive workflow data. Blast radius extends to any Flowise instance exposed to the internet: successful exploitation could enable record tampering, privilege escalation within the platform, or corruption of LLM agent flow configurations. Upgrade to Flowise 3.0.13 immediately; if patching is blocked, isolate the Flowise API behind a network perimeter and audit database records for unexpected or injected field values.

Proof-of-concept exploit code is publicly available for CVE-2026-30822, increasing the risk of exploitation.

1. Patch immediately: upgrade all Flowise instances to version 3.0.13 or later. 2. If immediate patching is not possible: place Flowise behind a VPN or firewall to prevent unauthenticated internet access to the API. 3. Audit database records — particularly lead, user, and configuration tables — for unexpected field values or signs of injection attempts (fields containing unexpected JSON keys or privilege-related values). 4. Review application logs for anomalous POST requests to lead creation endpoints originating from unauthenticated sessions. 5. Rotate any API keys, credentials, or tokens stored within the Flowise platform as a precaution. 6. Subscribe to Flowise security advisories given the package's CVE history.

This vulnerability affects the following AI/ML architecture patterns: agent frameworks, LLM orchestration platforms, no-code AI workflow builders, multi-tenant AI SaaS deployments.

No CVSS score has been assigned yet.