CVEReports
CVEReports

Automated vulnerability intelligence platform. Comprehensive reports for high-severity CVEs generated by AI.

Product

  • Home
  • Sitemap
  • RSS Feed

Company

  • About
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 CVEReports. All rights reserved.

Made with love by Amit Schendel & Alon Barad



CVE-2026-56271

CVE-2026-56271: Authentication Bypass via Hardcoded JWT Secrets in Flowise Enterprise Passport Middleware

Alon Barad
Alon Barad
Software Engineer

Jul 17, 2026·6 min read·6 visits

Executive Summary (TL;DR)

Flowise enterprise passport middleware silently falls back to hardcoded default JWT signing secrets and identifiers when configuration environment variables are left unset, enabling remote unauthenticated attackers to forge arbitrary tokens and take over administrator accounts.

CVE-2026-56271 represents a critical security flaw in Flowise, an open-source visual orchestration platform for Large Language Models (LLMs) and autonomous AI agents. The vulnerability occurs within the platform's enterprise passport authentication module, where default cryptographic parameters are used in the absence of explicit environment variables. Specifically, the middleware silently falls back to known, static hardcoded secrets ('auth_token' and 'refresh_token') and identifiers ('AUDIENCE' and 'ISSUER') to generate and verify session tokens. Consequently, remote unauthenticated attackers can construct arbitrary JSON Web Tokens (JWTs) signed with these hardcoded credentials to gain administrative entry to the application.

Vulnerability Overview

Flowise is a visual builder for developing applications utilizing Large Language Models (LLMs) and AI agents. It features an enterprise authentication subsystem implemented via Passport.js middleware to manage secure sessions and restrict API access to authenticated users.

The vulnerability, designated as CVE-2026-56271, resides in the server module's configuration parsing logic. When enterprise authentication is enabled, the platform relies on JSON Web Tokens (JWTs) to authenticate requests. However, the system contains fallback logic that automatically defaults to static, hardcoded cryptographic values if the administrator has not configured custom secrets.

This behavior violates fundamental cryptographic principles by exposing critical trust assets. The vulnerability is classified under CWE-321 (Use of Hard-coded Cryptographic Key) and CWE-327 (Use of a Broken or Risky Cryptographic Algorithm). Unauthenticated attackers can exploit this logic remotely to gain unauthorized access to the application.

Root Cause Analysis

The root cause of this vulnerability lies within the initialization sequence of the enterprise passport middleware, located at packages/server/src/enterprise/middleware/passport/index.ts. To authenticate API requests, the server relies on the verification of JWTs supplied in HTTP headers.

During initialization, the application attempts to read several critical configuration parameters from the environment. These include JWT_AUTH_TOKEN_SECRET, JWT_REFRESH_TOKEN_SECRET, JWT_AUDIENCE, and JWT_ISSUER. If these parameters are missing, instead of halting initialization or raising a fatal configuration exception, the middleware proceeds using hardcoded fallbacks.

The default values utilized by the application are 'auth_token' for the authentication token secret, 'refresh_token' for the refresh token secret, 'AUDIENCE' for the expected token audience, and 'ISSUER' for the expected token issuer. Because these strings are publicly available in the open-source repository, any instance of Flowise deployed without these environment variables relies on the exact same static key material to verify session signatures.

Code Analysis & Architecture

The core flaw can be observed in the variable assignment logic where environment configuration is evaluated. If the left-hand operand of the logical OR operator is undefined, the program evaluates the right-hand operand, which contains the static string literal.

// VULNERABLE COMPONENT
// packages/server/src/enterprise/middleware/passport/index.ts
 
const authSecret = process.env.JWT_AUTH_TOKEN_SECRET || 'auth_token';
const refreshSecret = process.env.JWT_REFRESH_TOKEN_SECRET || 'refresh_token';
const audience = process.env.JWT_AUDIENCE || 'AUDIENCE';
const issuer = process.env.JWT_ISSUER || 'ISSUER';

To remediate this structural flaw, the application must completely eliminate hardcoded secrets from its execution paths. In secure designs, the application either throws a fatal error during bootstrap when required configurations are absent, or dynamically generates unique, high-entropy secrets in memory during startup.

// PATCHED COMPONENT
// Utilizing crypto package to prevent predictable fallback keys
import crypto from 'crypto';
 
// Generate a high-entropy, ephemeral secret if environment configuration is absent
const dynamicAuthSecret = process.env.JWT_AUTH_TOKEN_SECRET || crypto.randomBytes(32).toString('hex');
const dynamicRefreshSecret = process.env.JWT_REFRESH_TOKEN_SECRET || crypto.randomBytes(32).toString('hex');
 
// Enforce configuration validation for claims parameters
const audience = process.env.JWT_AUDIENCE;
const issuer = process.env.JWT_ISSUER;
 
if (!audience || !issuer) {
    throw new Error('Initialization failure: JWT_AUDIENCE and JWT_ISSUER must be explicitly declared');
}

By implementing dynamic fallback values, any session tokens forged using the static default values will fail validation because the server-side validation key is now unique to the runtime instance and completely unpredictable.

Exploitation & Token Forgery

Exploitation of CVE-2026-56271 requires no specialized privileges, user interaction, or advanced cryptographic analysis. The attack complexity is low. An attacker must first confirm that the target instance is running a vulnerable version of Flowise and has not had its default JWT configuration altered.

The attacker then constructs a malicious JWT. The token header is configured with standard hashing algorithms such as HMAC SHA-256 (HS256). The payload is crafted with claims identifying the user as an administrator, accompanied by the standard 'AUDIENCE' and 'ISSUER' claims. Finally, the attacker signs the serialized header and payload using the hardcoded cryptographic key 'auth_token':

{
  "alg": "HS256",
  "typ": "JWT"
}
{
  "sub": "admin-user-id-or-email",
  "role": "admin",
  "aud": "AUDIENCE",
  "iss": "ISSUER",
  "exp": 1924905600
}

Once the forged token is generated, the attacker attaches it to the Authorization header of an HTTP request directed at a protected API endpoint (e.g., Authorization: Bearer <forged_token>). The server receives the request, attempts validation using the static secret, and admits the request because the signature matches.

Impact Assessment & Threat Context

The security impact of successful exploitation is complete administrative compromise of the affected Flowise instance. Because Flowise acts as an orchestrator for Large Language Models and AI agents, it holds sensitive system integration configurations, including API keys for model providers (e.g., OpenAI, Anthropic, Cohere), database connection strings, and vector database credentials.

By bypassing authentication, an attacker gains full access to these secrets. They can modify existing AI pipelines, inject malicious prompts (prompt injection attacks), redirect data streams, or read private chat transcripts stored in the system. If the Flowise instance is configured to execute shell tools or custom Python scripts, an administrative compromise can easily lead to Remote Code Execution (RCE) on the host machine.

The vulnerability is rated as Critical with an NVD CVSS v3.1 score of 9.8. This score reflects the combination of zero-privilege remote access, low exploitation complexity, and extreme impact across confidentiality, integrity, and availability metrics.

Remediation & Detection

The primary remediation path is upgrading the Flowise deployment to version 3.1.0 or later. This version contains changes to how authentication tokens are validated, preventing fallback to known static keys. Developers must ensure that all dependencies, including flowise, flowise-ui, and flowise-components, are updated simultaneously.

If immediate upgrading is unfeasible, administrators must enforce configuration hardening by manually defining high-entropy keys within the environment variables. The configuration requires setting JWT_AUTH_TOKEN_SECRET and JWT_REFRESH_TOKEN_SECRET to randomized strings of at least 32 characters, alongside specific, unique values for JWT_AUDIENCE and JWT_ISSUER.

Deployers must also audit existing configurations. If the application was previously run with default values, any existing sessions must be invalidated immediately. Changing the secrets will automatically expire all active sessions, forcing users to authenticate against the newly defined security parameters.

Technical Appendix

CVSS Score
9.8/ 10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Probability
0.38%
Top 70% most exploited

Affected Systems

Flowise Enterprise Authentication Middleware

Affected Versions Detail

Product
Affected Versions
Fixed Version
flowise
FlowiseAI
<= 3.0.133.1.0
AttributeDetail
CWE IDCWE-321 / CWE-327
Attack VectorNetwork
CVSS v3.1 Score9.8 (Critical)
CVSS v4.0 Score9.3 (Critical)
EPSS Score0.00376 (29.82 percentile)
Exploit Statusnone
CISA KEV StatusNot Listed

MITRE ATT&CK Mapping

T1556Modify Authentication Process
Credential Access
T1190Exploit Public-Facing Application
Initial Access
CWE-321
Use of Hard-coded Cryptographic Key

The software uses a hard-coded cryptographic key, which can allow an attacker to bypass authentication, decrypt sensitive data, or perform other cryptographic operations.

References & Sources

  • [1]Flowise GitHub Security Advisory (GHSA-cc4f-hjpj-g9p8)
  • [2]NVD CVE-2026-56271 Record
  • [3]CVE.org CVE-2026-56271 Record
  • [4]VulnCheck Official Advisory
  • [5]CVELatestV5 Repository JSON

Attack Flow Diagram

Press enter or space to select a node. You can then use the arrow keys to move the node around. Press delete to remove it and escape to cancel.
Press enter or space to select an edge. You can then press delete to remove it or escape to cancel.

More Reports

•37 minutes ago•CVE-2026-52870
7.6

CVE-2026-52870: Broken Object-Level Authorization (BOLA) in Model Context Protocol (MCP) Python SDK

CVE-2026-52870 is a high-severity Broken Object-Level Authorization (BOLA) / Missing Authorization vulnerability (CWE-862) discovered in the experimental tasks feature of the Model Context Protocol (MCP) Python SDK. Under affected versions (< 1.27.2), default handlers registered via server.experimental.enable_tasks() allowed connected clients to enumerate, access, and terminate active tasks belonging to other user sessions due to a lack of session ownership validation. This compromised multi-tenant isolation, allowing authenticated users to extract execution data and cancel running jobs across concurrent connections. The vulnerability has been resolved in version 1.27.2 through session-scoping of task identifiers and transport session pinning.

Amit Schendel
Amit Schendel
0 views•6 min read
•about 2 hours ago•GHSA-48QW-824M-86PR
7.7

GHSA-48QW-824M-86PR: Privilege Escalation and Sandbox Escape in ArcadeDB Server

A high-severity privilege escalation and sandbox escape vulnerability exists in ArcadeDB Server prior to version 26.7.1. This flaw permits an authenticated user with read-only privileges to execute arbitrary JVM code in a sandboxed JavaScript context via the API command endpoint. By utilizing reflection on bound Java objects, an attacker can bypass the GraalVM guest environment's whitelist, access the Java ClassLoader, and perform arbitrary file reads on the host filesystem.

Alon Barad
Alon Barad
1 views•6 min read
•about 8 hours ago•CVE-2026-59950
7.6

CVE-2026-59950: Cross-Site WebSocket Hijacking in Model Context Protocol Python SDK

CVE-2026-59950 is a high-severity security vulnerability in the Model Context Protocol (MCP) Python SDK. Prior to version 1.28.1, the SDK's deprecated WebSocket server transport accepted incoming connection handshakes without performing validation on the Host or Origin headers. Because web browsers do not restrict WebSocket connections using the Same-Origin Policy (SOP), this enables malicious third-party websites to perform a Cross-Site WebSocket Hijacking (CSWSH) attack, executing unauthorized commands on behalf of the local user.

Alon Barad
Alon Barad
7 views•6 min read
•about 9 hours ago•GHSA-X9F9-R4M8-9XC2
8.4

GHSA-x9f9-r4m8-9xc2: Remote Code Execution via GraalVM Polyglot Sandbox Bypass in ArcadeDB Trigger Scripts

ArcadeDB is an open-source, multi-model database engine supporting graph, document, key-value, and vector models. In affected versions of ArcadeDB, the trigger script executor improperly configures GraalVM scripting engine permissions. By allowing the 'java.lang.*' package to be loaded within the scripting context, the sandbox environment can be bypassed. An authenticated user with schema administration privileges ('UPDATE_SCHEMA') can register a malicious script trigger that executes arbitrary Java host classes, leading to unauthenticated remote command execution under the context of the ArcadeDB server process.

Alon Barad
Alon Barad
5 views•6 min read
•about 9 hours ago•CVE-2026-20744
9.8

CVE-2026-20744: Improper Access Control in Le Circuit Électrique Charging Station Backend

A critical improper access control vulnerability (CWE-284) in the WebSocket upgrade endpoint of Le Circuit Électrique charging station backend allows remote, unauthenticated attackers to connect to the Charging Station Management System and impersonate charging stations.

Alon Barad
Alon Barad
5 views•8 min read
•about 9 hours ago•CVE-2026-55040
9.1

CVE-2026-55040: Microsoft SharePoint Server Security Feature Bypass Vulnerability

CVE-2026-55040 is a critical security feature bypass vulnerability in Microsoft SharePoint Server arising from a weak authentication mechanism (CWE-1390). An unauthenticated remote attacker can exploit this security flaw over a network to bypass authentication validation routines, gaining unauthorized access to the application and complete control over sensitive enterprise data assets without any user interaction.

Amit Schendel
Amit Schendel
13 views•5 min read