## https://sploitus.com/exploit?id=42BD4D56-3716-5026-B5B8-1F89FF1FA2B8
# CVE-2026-30824 โ Flowise NVIDIA NIM Authentication Bypass Checker and Exploit
A proof-of-concept checker and exploit for **CVE-2026-30824**, a critical authentication bypass vulnerability in Flowise that exposes NVIDIA NIM API endpoints without authentication.
## DISCLAIMER
This tool is for pentesters only to use on authorized networks. Use it at your own risk. No responsability is taken.
## Vulnerability Overview
**CVE-2026-30824** is a critical authentication bypass in Flowise (
cd cve-2026-30824
# Install dependencies
pip install -r requirements.txt
# or
pip install requests
```
---
## Usage
### Basic Vulnerability Check
```bash
# Check if a single target is vulnerable
python3 CVE-2026-30824_exp.py -t http://192.168.1.100:3000 --check
# Expected output (VULNERABLE):
# [+] Target appears VULNERABLE (HTTP 200)
# Response: {...}
```
### Scan Multiple Targets
```bash
# Create targets.txt with one URL per line
cat > targets.txt "
```
### Scenario 2: Proof of Impact
```bash
# Verify vulnerability and demonstrate full blast radius
python3 CVE-2026-30824_exp.py -t http://192.168.1.100:3000 --all
# This will:
# 1. Check vulnerability
# 2. Extract NVIDIA API token
# 3. Validate token against NVIDIA API
# 4. List running containers
# 5. Show resource enumeration
```
### Scenario 3: Continuous Monitoring
```bash
# Monitor a target periodically (via cron or scheduler)
python3 CVE-2026-30824_exp.py -f monitored_targets.txt --scan-only > scan_$(date +%s).log
```
---
## Output Indicators
### Colors
- ๐ข **GREEN** โ Vulnerable target or successful exploitation
- ๐ก **YELLOW** โ Patched/not vulnerable or warning
- ๐ด **RED** โ Error or connection failure
### Status Codes
| HTTP | Meaning |
|------|---------|
| 200 | โ Vulnerable (endpoint accessible) |
| 400 | โ Vulnerable (application error but endpoint exists) |
| 401 | ๐ก Patched (authentication required) |
| 404 | ๐ก Not Flowise or endpoint doesn't exist |
| 5xx | ๐ด Server error/misconfigured |
---
## Troubleshooting
### "Got HTML response instead of JSON"
**Problem:** The endpoint returns an HTML page instead of JSON API response.
**Solutions:**
1. Verify the Flowise version is actually vulnerable (< 3.0.13)
2. Check if the target is actually running Flowise (not a different app)
3. Verify the endpoint path hasn't changed in this version
4. Check if a reverse proxy or WAF is interfering
### "Connection refused" or "Timeout"
**Problem:** Cannot reach the target.
**Solutions:**
```bash
# Test connectivity
curl -v http://192.168.1.100:3000/
# Increase timeout
python3 CVE-2026-30824_exp.py -t http://192.168.1.100:3000 --check --timeout 30
```
### SSL Certificate Error
**Problem:** Target uses self-signed or expired certificate.
**Solution:** The script disables SSL verification by default. If issues persist:
```bash
# Explicitly add port and protocol
python3 CVE-2026-30824_exp.py -t https://192.168.1.100:3000 --check
```
### Token Validation Fails
**Problem:** Token extracted but validation against NVIDIA API fails.
**Causes:**
- Token may have already expired
- Token may be invalid (endpoint returns fake token)
- Network connectivity to NVIDIA API blocked
---
## Security Considerations
โ ๏ธ **LEGAL NOTICE**
- This tool is for authorized security testing only
- Unauthorized access to computer systems is illegal
- Only test systems you own or have explicit permission to test
- The author assumes no liability for misuse
### Responsible Disclosure
If you discover this vulnerability in the wild:
1. Document the findings
2. Contact the organization's security team
3. Allow reasonable time for remediation (typically 90 days)
4. Do not disclose publicly until patched
---
## Mitigation
### For System Administrators
**Immediate:**
1. Upgrade Flowise to version 3.0.13 or later
2. Implement network access controls (firewall rules)
3. Disable NVIDIA NIM integration if not needed
4. Monitor API logs for suspicious token usage
**Long-term:**
1. Use WAF rules to block `/api/v1/nvidia-nim/*` paths
2. Implement API rate limiting
3. Enable security monitoring and alerting
4. Conduct regular security assessments
### For Developers
- Review all authentication bypasses in the codebase
- Implement default-deny access policies
- Add comprehensive API endpoint security tests
- Use automated security scanning in CI/CD
---
## References
- [NVD Entry](https://nvd.nist.gov/)
- [Flowise GitHub](https://github.com/FlowiseAI/Flowise)
- [NVIDIA NIM Documentation](https://docs.nvidia.com/nim/)
- [CWE-306: Missing Authentication](https://cwe.mitre.org/data/definitions/306.html)
---
## License
This tool is provided for educational and authorized security testing purposes only. See LICENSE file for details.
## Disclaimer
This exploit is provided "as-is" without warranty. Use only on systems you own or have explicit written permission to test. The author is not responsible for any misuse or damage caused by this tool.
---
## Author
Created for authorized penetration testing and security research.
**Last Updated:** April 2026