CVE-2026-56278 - Flowise - Session Hijacking via Weak Default Express Session Secret
CVE ID :CVE-2026-56278 Published : June 30, 2026, 10:08 p.m. | 1 hour, 4 minutes ago Description :Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses a weak hardcoded default secret ('flowise') for the express-session middleware when the EXPRESS_SESSION_SECRET environment...