Permissive Cross-domain Policy with Untrusted Domains Affecting flowise package, versions <3.1.2


Severity

medium (CVSS assessment by Snyk's Security Team)

  • Snyk ID: SNYK-JS-FLOWISE-16874172
  • published: 25 May 2026
  • disclosed: 20 May 2026
  • credit: DeathsPirate

Introduced: 20 May 2026

CVE: not available. CWE-942 (Permissive Cross-domain Policy with Untrusted Domains)

How to fix?

Upgrade flowise to version 3.1.2 or higher.

Overview

flowise is a Flowiseai Server

Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains in the generateTextToSpeech handler behind the text-to-speech endpoint. The route answers with a wildcard CORS policy (Access-Control-Allow-Origin: *) regardless of the configured allowlist, so a script on any webpage can have a victim's browser call the TTS generate API with the victim's credentials, and the browser will let that script read the response. An untrusted site can therefore invoke the text-to-speech endpoint on the user's behalf and read the resulting stream, exposing the generated audio and any other data the request returns to the attacker.

Notes

  • The bypass is specific to the TTS generate route because it carries chatflowId in the request body rather than in the URL path, so origin checks that only inspect path-based chatflow routes never see this endpoint.
  • The wildcard is hardcoded on the route, so it applies even when the server's configured CORS allowlist is restrictive; deployments that rely on getCorsOptions() for origin control remain exposed on this one route.
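The two notes above describe a route that slips past both the path-based origin check and the server-wide allowlist. The following is an added example, not Flowise's own code, that models that flaw beside a hardened version in plain Node.js. The route paths, the getCorsOptions() stand-in, the per-chatflow allowlist and the attacker request are all constructed assumptions for illustration.

```javascript
'use strict';

// Constructed deployment settings, standing in for what a real server would
// load from configuration: a server-wide CORS allowlist and per-chatflow origins.
const SERVER_ALLOWLIST = ['https://app.example.com'];
const CHATFLOW_ORIGINS = {
  'cf-123': ['https://widget.example.com'],
};

// Hypothetical stand-in for a server-wide getCorsOptions(): the origin is
// allowed only if it is on the configured allowlist.
function getCorsOptions(origin) {
  return { allowed: SERVER_ALLOWLIST.includes(origin) };
}

// Vulnerable pattern: the TTS route writes its own headers with a hardcoded
// wildcard, so the allowlist decision from getCorsOptions() is never consulted.
function vulnerableTtsCorsHeaders(_req) {
  return {
    'Access-Control-Allow-Origin': '*',
    'Access-Control-Allow-Methods': 'POST, OPTIONS',
    'Access-Control-Allow-Headers': 'Content-Type, Authorization',
  };
}

// A path-based chatflow origin check only recognises routes that carry the
// chatflowId in the URL (assumed shape: /api/v1/prediction/:chatflowId).
// The TTS generate route carries it in the body, so this returns null for it
// and the per-chatflow check is skipped.
function chatflowIdFromPath(path) {
  const m = /^\/api\/v1\/prediction\/([^/]+)$/.exec(path);
  return m ? m[1] : null;
}

// Hardened pattern: resolve chatflowId from the path OR the body, allow the
// origin only if the server allowlist or that chatflow's own allowlist names
// it, and echo the specific origin rather than '*'.
function hardenedTtsCorsHeaders(req) {
  const origin = req.headers.origin;
  if (!origin) return null;
  const chatflowId =
    chatflowIdFromPath(req.path) || (req.body && req.body.chatflowId) || null;
  const chatflowAllowed =
    chatflowId !== null && (CHATFLOW_ORIGINS[chatflowId] || []).includes(origin);
  if (!getCorsOptions(origin).allowed && !chatflowAllowed) {
    return null; // no CORS headers: the browser refuses to expose the response
  }
  return {
    'Access-Control-Allow-Origin': origin,
    'Vary': 'Origin', // responses differ per origin; keep caches from mixing them
    'Access-Control-Allow-Methods': 'POST, OPTIONS',
    'Access-Control-Allow-Headers': 'Content-Type, Authorization',
  };
}

// Browser-side decision as the advisory describes it: a page on `origin` may
// read the response if the header is '*' or names that origin exactly.
function browserCanRead(headers, origin) {
  if (!headers) return false;
  const acao = headers['Access-Control-Allow-Origin'];
  return acao === '*' || acao === origin;
}

// Constructed request: a page on an attacker-controlled origin makes the
// victim's browser POST to the TTS generate route (assumed path) with the
// chatflowId in the body, exactly the shape the path-based check misses.
const attackerRequest = {
  method: 'POST',
  path: '/api/v1/text-to-speech/generate',
  headers: { origin: 'https://attacker.example' },
  body: { chatflowId: 'cf-123', text: 'read this aloud' },
};

// Compare what the attacker page can read under each handler.
function demo() {
  const origin = attackerRequest.headers.origin;
  return {
    vulnerable: browserCanRead(vulnerableTtsCorsHeaders(attackerRequest), origin),
    hardened: browserCanRead(hardenedTtsCorsHeaders(attackerRequest), origin),
  };
}

console.log(demo());
```

The hardened handler keys its decision off the chatflowId wherever it appears, which is the gap the first note describes, and it never emits the literal `*`, which is the gap the second note describes. One practitioner caveat: browsers refuse to expose a response to a cookie-credentialed fetch when the header is the literal `*`, so the practical reach of the wildcard depends on how a given deployment authenticates; `browserCanRead` above mirrors the advisory's description rather than modelling that rule.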
