GHSA-c2c9-mfw7-p8hw: Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Returns All Unprotected Chatflows

May 20, 2026 (updated June 22, 2026)

The /api/v1/chatflows/apikey/:apikey endpoint (whitelisted, accessible with API key auth only) returns all chatflows bound to the provided API key AND all chatflows across the entire system that have no API key assigned. This crosses workspace boundaries, allowing a user in Workspace A who has a valid API key to read the full configuration (including flowData, chatbotConfig, system prompts, and node configurations) of chatflows from Workspace B, Workspace C, and all other workspaces, as long as those chatflows have no API key assigned.
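The lookup described above, modelled as an added example that is not Flowise's own code: an in-memory version of the unscoped filter beside a workspace-scoped one, plus a check a test suite can run over the response. Field names (`workspaceId`, `apiKeyId`), key values and the sample rows are constructed for illustration.

```javascript
// Constructed sample data (not Flowise's schema): an API key belongs to one
// workspace, and a chatflow optionally references one API key.
const apiKeys = [
  { id: "key-A1", workspaceId: "ws-A", value: "constructed-secret-A1" },
];

const chatflows = [
  { id: "cf-1", workspaceId: "ws-A", apiKeyId: "key-A1", flowData: "flow A1" },
  { id: "cf-2", workspaceId: "ws-A", apiKeyId: null,     flowData: "flow A2" },
  { id: "cf-3", workspaceId: "ws-B", apiKeyId: null,     flowData: "flow B1" },
  { id: "cf-4", workspaceId: "ws-C", apiKeyId: "key-C9", flowData: "flow C1" },
  { id: "cf-5", workspaceId: "ws-C", apiKeyId: null,     flowData: "flow C2" },
];

function resolveApiKey(value) {
  return apiKeys.find((k) => k.value === value) || null;
}

// Unscoped lookup: the pattern the advisory describes. The "no key assigned"
// branch ignores the workspace, so cf-3 and cf-5 are returned to a caller
// whose key only lives in Workspace A.
function chatflowsForKeyUnscoped(value) {
  const key = resolveApiKey(value);
  if (!key) return [];
  return chatflows.filter((cf) => cf.apiKeyId === key.id || cf.apiKeyId === null);
}

// Scoped lookup: both branches are bounded by the key's own workspace, which
// is the authorization boundary the CWE-863 classification points at.
function chatflowsForKeyScoped(value) {
  const key = resolveApiKey(value);
  if (!key) return [];
  return chatflows.filter(
    (cf) =>
      cf.workspaceId === key.workspaceId &&
      (cf.apiKeyId === key.id || cf.apiKeyId === null)
  );
}

// Regression check for a test suite: every chatflow in a response must belong
// to the caller's workspace. Returns the ids of any foreign-workspace rows.
function foreignWorkspaceIds(value, result) {
  const key = resolveApiKey(value);
  if (!key) return result.map((cf) => cf.id);
  return result
    .filter((cf) => cf.workspaceId !== key.workspaceId)
    .map((cf) => cf.id);
}
```

Running `foreignWorkspaceIds` over the endpoint's response for a key from each workspace is a cheap way to confirm the 3.1.2 behaviour in your own deployment.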

References

  • github.com/FlowiseAI/Flowise/security/advisories/GHSA-c2c9-mfw7-p8hw
  • github.com/advisories/GHSA-c2c9-mfw7-p8hw
  • nvd.nist.gov/vuln/detail/CVE-2026-56268

Affected versions

All versions before 3.1.2

Fixed versions

  • 3.1.2

Solution

Upgrade to version 3.1.2 or above.

Impact 4.3 MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Weakness

  • CWE-863: Incorrect Authorization

Source file

npm/flowise/GHSA-c2c9-mfw7-p8hw.yml

Page generated Tue, 23 Jun 2026 12:24:16 +0000.