A critical vulnerability in FlowiseAI's password reset feature allows attackers to take over accounts without authentication, simply by knowing a user's email address. The flaw exposes a valid password reset token and account details, enabling easy password resets for any user, including administrators. Currently, no patch is available, leaving systems highly vulnerable.