A vulnerability was found in Flowise up to 3.1.1 . It has been classified as problematic . This affects an unknown function of the file /api/v1/user . The manipulation of the argument credential leads to dynamically-determined object attributes. This vulnerability is referenced as CVE-2026-56276 . Remote exploitation of the attack is possible. No exploit is available. Upgrading the affected component is recommended.