CVE-2025-26319
Published 2025-03-04

CVE-2025-26319: FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

Priority: P1 (90)
Severity: critical, CVSS 3.1 base score 9.8 (AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H)
Tags: ITW (exploited in the wild), EXPLOIT (public exploit), VulnCheck KEV, Initial access
EPSS: 50.79% (98.8th percentile)

Affected

5 ranges

Vendor      Product   Version range        Fixed in
flowiseai   flowise
flowiseai   flowise   0 – 2.2.6
flowiseai   flowise   >= 3.0.1 < 3.0.8     3.0.8
flowiseai   flowise   >= 3.0.1 < 3.0.8     3.0.8
flowiseai   flowise   3.0.1 – 3.0.8

Detection & IOCs (extracted from sources)

url:   /api/v1/attachments/..%2f..%2f..%2f..%2f..%2froot%2f/.flowise
path:  /api/v1/attachments
path:  .flowise/api.json
snort rule:
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Flowise Pre-Auth Arbitrary File Upload Attempt (CVE-2025-26319)"; flow:established,to_server; http.request_line; content:"POST /api/v1/attachments/"; startswith; fast_pattern; pcre:"/^[^\x26]*?(?:(?:\x2e|%2[Ee]){1,2}(?:\x2f|\x5c|%5[Cc]|%2[Ff]){1,}){2,}/R"; reference:url,medium.com/@attias.dor/the-burn-notice-part-2-5-5-flowise-pre-auth-arbitrary-file-upload-cve-2025-26319-0d4194a34183; reference:cve,2025-26319; classtype:attempted-admin; sid:2061358; rev:1; metadata:affected_product Flowise, attack_target Web_Server, tls_state plaintext, created_at 2025_04_07, cve CVE_2025_26319, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, signature_severity Major, tag Exploit, updated_at 2025_04_07, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
  • Detect path traversal in POST requests to /api/v1/attachments/ using URL-encoded dot-slash sequences (e.g., %2f, %2e, %5c) to escape the upload directory.
  • Alert on POST requests to /api/v1/attachments/ where the path contains traversal sequences targeting /.flowise or /root/ directories.
  • Monitor for unauthenticated uploads of a file named api.json to the Flowise attachments endpoint, which can overwrite the API key configuration.
  • After a successful upload, watch for GET /api/v1/apikey requests using a Bearer token injected via the overwritten api.json, indicating API key harvesting.
  • Use Shodan/FOFA queries to inventory exposed Flowise instances (these are the potential targets); between 12,000 and 15,000 instances are currently exposed online.
  • CVE-2025-26319 is being actively exploited in the wild alongside CVE-2025-8943 and CVE-2025-59528; treat any Flowise instance on version ≤2.2.6 as compromised until patched.
  • The vulnerability is unauthenticated (no credentials required), so the absence of auth headers in upload requests to /api/v1/attachments/ is expected and should not be used to filter out detections.
  • The Nuclei PoC template uses a hardcoded test API key and secret; these specific values may appear in benign scanner traffic and should be correlated with other indicators before concluding compromise.
  • The Snort/ET rule (sid:2061358) is scoped to plaintext (tls_state plaintext); TLS-terminated deployments behind a reverse proxy will require decryption or an equivalent application-layer inspection rule.
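The traversal and follow-up indicators listed above, as an added detection example that is not part of this advisory or of Flowise: it percent-decodes request paths until they stop changing (so double-encoded sequences are seen), flags POSTs to /api/v1/attachments/ whose remainder escapes the upload directory, and reports a later GET /api/v1/apikey only from a client that already produced a traversal finding. The log format and sample lines are constructed.

```python
import re
from typing import Optional
from urllib.parse import unquote

ATTACH_PREFIX = "/api/v1/attachments/"
# Two or more "../" or "..\" hops after decoding (the shape the ET rule's pcre looks for).
TRAVERSAL = re.compile(r"(?:\.\.[/\\]){2,}")
# Constructed log format: <ip> "<METHOD> <path> HTTP/x.y" <status>
LOG_RE = re.compile(r'^(?P<ip>\S+) "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})$')


def fully_decode(path: str) -> str:
    """Percent-decode repeatedly so %252e%252e%252f is seen as ../ as well."""
    prev = None
    while prev != path:
        prev, path = path, unquote(path)
    return path


def classify(method: str, raw_path: str) -> Optional[str]:
    """Label one request against the CVE-2025-26319 indicators, or None if it matches none."""
    path = fully_decode(raw_path)
    if method == "POST" and path.startswith(ATTACH_PREFIX):
        rest = path[len(ATTACH_PREFIX):]
        if TRAVERSAL.search(rest):
            # Traversal aimed at the .flowise config directory or /root/ is the documented pattern.
            if rest.rstrip("/").endswith(".flowise") or "/root/" in rest:
                return "traversal-to-flowise-config"
            return "traversal-upload"
    if method == "GET" and path.startswith("/api/v1/apikey"):
        return "apikey-read"
    return None


def scan_log(lines):
    """Return (ip, label, path) findings. An apikey read is only reported for a client
    that already triggered a traversal finding, which is the correlation the IOC list describes."""
    suspicious_ips, findings = set(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        label = classify(m["method"], m["path"])
        if label is None or (label == "apikey-read" and m["ip"] not in suspicious_ips):
            continue
        suspicious_ips.add(m["ip"])
        findings.append((m["ip"], label, m["path"]))
    return findings


SAMPLE_LOG = [  # constructed sample lines, not real traffic
    '203.0.113.5 "POST /api/v1/attachments/..%2f..%2f..%2f..%2f..%2froot%2f/.flowise HTTP/1.1" 200',
    '203.0.113.5 "GET /api/v1/apikey HTTP/1.1" 200',
    '198.51.100.7 "POST /api/v1/attachments/chatflow1/chat1 HTTP/1.1" 200',
    '198.51.100.7 "GET /api/v1/apikey HTTP/1.1" 200',
    '198.51.100.9 "POST /api/v1/attachments/%252e%252e%252f%252e%252e%252fuploads HTTP/1.1" 404',
]
```

Run over SAMPLE_LOG it reports three findings: the traversal to .flowise and the correlated apikey read from 203.0.113.5, and the double-encoded traversal from 198.51.100.9; the lone apikey read from 198.51.100.7 is not reported.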

CVSS provenance

nvd:        v3.1  9.8  CRITICAL  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ghsa:             9.8  CRITICAL
osv:              9.8  CRITICAL
vulncheck:        9.8  CRITICAL