This vulnerability was discovered by researchers at Check Point .We are sharing this report as part of a responsible disclosure process and are happy to assist in validation and remediation if needed.
Summary
An authenticated vulnerability in Flowise Cloud https://cloud.flowiseai.com allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScript Function node. This includes secrets such as OpenAI API keys, AWS credentials, Supabase tokens, and Google Cloud secrets — resulting in a full cross-tenant data exposure.
Details
The issue exists in Flowise Cloud (cloud.flowiseai.com) under the POST /api/v1/node-custom-function endpoint. When using the Custom JavaScript Function node, the $vars object is injected into the execution context. This object is supposed to contain only the current workspace's environment variables, but in reality, it contains variables from all other tenants on the platform.
Even users with no configured variables in their workspace can run the following payload to extract hundreds of unrelated secrets:
{
"javascriptFunction": "try { return Object.keys($vars).length + ' total variables: ' + Object.keys($vars).join(', '); } catch(e) { return e.toString(); }"
}
We retrieved 514 variable names, including:
• OPENAI_API_KEY
• AWS_SECRET_ACCESS_KEY
• GMAIL_APP_PASSWORD
• SUPABASE_SERVICE_ROLE_KEY
• GOOGLE_CLIENT_SECRET
• SLACK_BOT_TOKEN
PoC
- Create a free-tier Flowise Cloud account
- Send POST request to /api/v1/node-custom-function with below body:
Resulting in:
Also, we can use below payload to get value for specific variable (OPENAI_API_KEY):
Output:
Impact
This is a critical multi-tenant security flaw. Any authenticated user can access environment variables from other customers, leading to:
• Credential leakage
• Abuse of paid third-party APIs (OpenAI, AWS, Google, etc.)
• Access to internal database URIs
• Potential lateral movement or user data compromise
We strongly recommend urgent remediation and revocation of leaked credentials.
chaandrey Reporter
This vulnerability was discovered by researchers at Check Point .We are sharing this report as part of a responsible disclosure process and are happy to assist in validation and remediation if needed.
Summary
An authenticated vulnerability in Flowise Cloud https://cloud.flowiseai.com allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScript Function node. This includes secrets such as OpenAI API keys, AWS credentials, Supabase tokens, and Google Cloud secrets — resulting in a full cross-tenant data exposure.
Details
The issue exists in Flowise Cloud (
cloud.flowiseai.com) under thePOST /api/v1/node-custom-functionendpoint. When using the Custom JavaScript Function node, the$varsobject is injected into the execution context. This object is supposed to contain only the current workspace's environment variables, but in reality, it contains variables from all other tenants on the platform.Even users with no configured variables in their workspace can run the following payload to extract hundreds of unrelated secrets:
We retrieved 514 variable names, including:
• OPENAI_API_KEY
• AWS_SECRET_ACCESS_KEY
• GMAIL_APP_PASSWORD
• SUPABASE_SERVICE_ROLE_KEY
• GOOGLE_CLIENT_SECRET
• SLACK_BOT_TOKEN
PoC
Resulting in:
Also, we can use below payload to get value for specific variable (OPENAI_API_KEY):
Output:
Impact
This is a critical multi-tenant security flaw. Any authenticated user can access environment variables from other customers, leading to:
• Credential leakage
• Abuse of paid third-party APIs (OpenAI, AWS, Google, etc.)
• Access to internal database URIs
• Potential lateral movement or user data compromise
We strongly recommend urgent remediation and revocation of leaked credentials.