Flowise – Authentication Bypass via Registration Endpoint (CVE-2025-71327)

Scope: Flowise, All Versions Lacking Registration Restrictions

Severity: Critical

Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API access without credentials.

The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the NVD Record for CVE-2025-71327 and apply the necessary updates.
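
A log check for the endpoint described above, added here as an example and not part of the CERT.UG/CC advisory or of Flowise: it scans reverse-proxy access logs for POST requests to /api/v1/account/register and lists the sources that received a 2xx response. The Combined Log Format, the trusted_ips allowlist, the function names and the sample lines are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

REGISTER_PATH = "/api/v1/account/register"  # endpoint named in the advisory

# Assumption: a reverse proxy in front of Flowise writes Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_register(target: str) -> bool:
    """Match the endpoint despite query strings, extra slashes, case and percent-encoding."""
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/{2,}", "/", path).rstrip("/")
    return path.lower() == REGISTER_PATH

def find_registrations(lines, trusted_ips=frozenset()):
    """Return {source_ip: [(timestamp, status), ...]} for register calls from untrusted sources."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not is_register(m["target"]):
            continue
        if m["ip"] not in trusted_ips:
            hits[m["ip"]].append((m["ts"], int(m["status"])))
    return dict(hits)

def accounts_likely_created(hits):
    """Sources with a 2xx response; assumed to mean the registration was accepted."""
    return sorted(ip for ip, evts in hits.items() if any(200 <= s < 300 for _, s in evts))

# Constructed sample log lines (documentation IP ranges), not from a real incident.
SAMPLE = [
    '203.0.113.7 - - [12/Jan/2026:10:01:02 +0000] "POST /api/v1/account/register HTTP/1.1" 201 312 "-" "curl/8.5.0"',
    '203.0.113.7 - - [12/Jan/2026:10:01:09 +0000] "GET / HTTP/1.1" 200 4096 "-" "curl/8.5.0"',
    '198.51.100.23 - - [12/Jan/2026:11:15:40 +0000] "POST /api/v1/account/register/?ref=1 HTTP/1.1" 403 58 "-" "python-requests/2.31"',
    '10.0.0.5 - - [12/Jan/2026:09:00:00 +0000] "POST /api/v1/account/register HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits = find_registrations(SAMPLE, trusted_ips={"10.0.0.5"})
    for ip in accounts_likely_created(hits):
        print(f"review accounts created from {ip}: {hits[ip]}")
```

Any source it reports should be compared against the instance's user list, since an account created this way remains valid after the endpoint is restricted.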