neos/flow is vulnerable to Information Disclosure. The vulnerability is due to entity security not properly integrating with the doctrine query cache, allowing users to reuse cached SQL queries built for other users based on their roles rather than their specific properties, potentially revealing entities not meant for them.