July 12, 2026 Security Vulnerability Roundup: AI-Dev Tools Flowise and Crawl4AI Allow No-Login Takeover — Does It Affect You?
A roundup of the July 12, 2026 vulnerabilities rated 9.0 or higher. The AI-app builder Flowise and the AI data-collection tool Crawl4AI both have flaws allowing no-login takeover or file overwrite, and fixes are already out. We also organize seven network-device flaws so you can check whether a product you use is affected.
Table of contents
A roundup of the July 12, 2026 vulnerabilities rated 9.0 or higher. The AI-app builder Flowise and the AI data-collection tool Crawl4AI both have flaws allowing no-login takeover or file overwrite, and fixes are already out. We also organize seven network-device flaws so you can check whether a product you use is affected.
This article rounds up, in one place, the vulnerabilities disclosed on July 12, 2026 in the global vulnerability database (NVD) that we chose not to cover as standalone breaking news. The clear standout of the day was that two popular tools for building AI apps had flaws that let an attacker take over the service, or overwrite files on the server, with no login at all. Both are widely used building blocks in development shops and AI experiments around the world, and fixes are already available. Check here whether something you use is on the list.
There were no items on this day urgent enough for ordinary users that we split them into standalone articles. Below we first explain the two critical items rated 9.0 or higher (out of 10) in detail, then organize the seven network-device flaws also disclosed that day so you can tell whether they affect you. The previous day's list is in our July 11 security vulnerability roundup, and the next day's is in our July 13 security vulnerability roundup.
The day's headline: two AI-development tools allow no-login takeover and file writes
These two items are by far the most severe disclosed on July 12. Both are behind-the-scenes tools that power AI services and data collection, and both can be abused with no login. One lets an attacker impersonate others and seize admin rights; the other lets an attacker write a file to any location on the server. Fixes are out for both, so if you use them, check for updates first. Severity is out of 10.
| CVE | Product | What happens | Severity | Prerequisite | Status |
|---|---|---|---|---|---|
| CVE-2026-56271 | Flowise (≤3.0.13) | Impersonation → admin takeover | 9.8 | No login | Fixed in 3.1.0 No known abuse |
| CVE-2026-56260 | Crawl4AI (≤0.8.6) | Arbitrary file write | 9.1 | No login | Fixed in 0.8.7 No known abuse |
CVE-2026-56271: "Flowise" AI-app builder lets attackers impersonate the admin with no login
Flowise is an open-source development tool that lets you build AI chatbots and automated processes (AI agents) by wiring together parts on screen. Because you can build AI apps without writing code, it is widely used for in-house prototypes and small services. The flaw (versions up to 3.0.13) stems from the fact that the "secret" used to verify a user's login was hard-coded into the product as a fixed value. Since the secret is the same for everyone and guessable, an attacker can forge their own login pass (token) and impersonate any user, including the administrator — a textbook design mistake known as a hard-coded cryptographic key. No login is required, and severity is 9.8. It is fixed in version 3.1.0 and later. If you expose Flowise directly to the internet, prioritize updating and, in the meantime, block outside access.
CVE-2026-56260: "Crawl4AI" data-collection tool for AI lets attackers overwrite server files
Crawl4AI is an open-source tool that automatically gathers web pages for feeding into AI. It is often used to build the setup that lets generative AI reference up-to-date outside information (so-called RAG). The flaw (versions before 0.8.7) stems from the fact that the bundled server used to run Crawl4AI at scale did not validate where files are saved. By passing a crafted save path to the endpoints that produce screenshots or print data (the `/screenshot` and `/pdf` receivers), an attacker can write files to any location on the server that should be off-limits — a technique called path traversal. This can lead to overwriting existing configuration files and taking the service down. No login is required, and severity is 9.1. It is fixed in version 0.8.7. If you expose this bundled server externally, update it or limit access to your internal network.
Both of these flaws occurred in "parts you embed into the foundation of your own AI service." AI development pulls in many such open-source parts, so a mechanism to continuously check which part carries which flaw is essential. We explain how to inventory the vulnerabilities in the parts you have adopted in a scheme for auditing open-source (supply-chain) component vulnerabilities.
Many on the same day: seven flaws found in network devices
On July 12, severity-8.8 flaws were also disclosed together in network devices for homes and small offices. They fall into two groups. One is old devices that are already out of production and support; the other is the base software that advanced users flash onto routers themselves. Ordinary consumers do not use these as-is, but if you run the affected gear, take note.
| CVE | Product | Type | Severity | Prerequisite | Status |
|---|---|---|---|---|---|
| CVE-2026-15480 | TRENDnet TEW-635BRM | Buffer overflow | 8.8 | Login required | End-of-life No fix |
| CVE-2026-15481 | TRENDnet TEW-635BR | Buffer overflow | 8.8 | Login required | End-of-life No fix |
| CVE-2026-15483 | TRENDnet TEW-821DAP | Buffer overflow | 8.8 | Login required | End-of-life No fix |
| CVE-2026-15484 | TRENDnet TEW-821DAP | Buffer overflow | 8.8 | Login required | End-of-life No fix |
| CVE-2026-61875 | OpenWrt LuCI | Stored script injection | 8.8 | No login if on same network | Fix available |
| CVE-2026-61876 | OpenWrt LuCI | Stored script injection | 8.8 | Adjacent network + admin views page | Fix available |
| CVE-2026-59260 | OpenWrt luci-app-samba4 | Command injection | 8.8 | Login required (delegated user) | Fix available |
The first four were all found in older TRENDnet wireless routers and access points (TEW-635BRM / TEW-635BR / TEW-821DAP). The settings-page input handling has a "buffer overflow" (a flaw where oversized data is sent in to make a program malfunction), which can let the device be taken over. However, all of these are products that have already reached end of sale and support, and the vendor says it "cannot confirm or fix issues on such old products," so no patch is being released. An attack requires logging in to the device. If you are still running the affected old gear, consider replacing it.
The remaining three were found in the management screen (LuCI) and related parts of "OpenWrt," free base software you flash onto off-the-shelf routers. CVE-2026-61875 and CVE-2026-61876 are "stored script injection" (cross-site scripting), where the management screen displays externally supplied strings as-is and malicious scripts run in the administrator's browser. CVE-2026-59260 is a flaw in the file-sharing add-on (luci-app-samba4) where a user granted delegated rights can run commands they should not be allowed to. Fixes are out for all three, so update to the latest version if you use OpenWrt. OpenWrt is base software that advanced users install themselves, so it does not directly affect people using ordinary home routers as-is.
Bottom line: what ordinary users must act on today
The vulnerabilities disclosed together on July 12 carry high severity numbers, but most of them target people who run or build specific products and tools themselves. The smartphones and web services ordinary consumers use every day are not directly targeted because of this list. Ordinary users generally do not need to do anything right now.
It is a different story if you build AI apps yourself. The day's standouts, Flowise (severity 9.8) and Crawl4AI (severity 9.1), can both be abused with no login and are especially dangerous when exposed directly to the internet. If you use them, prioritize updating to the latest version and reviewing how much outside access is possible. Vulnerabilities seen under active attack can be tracked in the U.S. CISA alert list (KEV dashboard, Japanese edition), but neither of the day's two is listed yet. See also the previous day's July 11 roundup and the next day's July 13 roundup.
References
- â–¸NVD - CVE-2026-56271 (Flowise)
- â–¸NVD - CVE-2026-56260 (Crawl4AI)
- â–¸NVD - CVE-2026-15480 (TRENDnet TEW-635BRM)
- â–¸NVD - CVE-2026-15481 (TRENDnet TEW-635BR)
- â–¸NVD - CVE-2026-15483 (TRENDnet TEW-821DAP)
- â–¸NVD - CVE-2026-15484 (TRENDnet TEW-821DAP)
- â–¸NVD - CVE-2026-61875 (OpenWrt LuCI)
- â–¸NVD - CVE-2026-61876 (OpenWrt LuCI)
- â–¸NVD - CVE-2026-59260 (OpenWrt luci-app-samba4)

Makoto Horikawa
Backend Engineer / AWS / Django