CVE-2026-12821
Published 2026-06-22
Priority P3 · 43 · medium · 6.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS: 0.34% (25.9th percentile)
A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flowiseai | flowise | — | — |
| flowiseai | flowise | — | — |
| flowiseai | flowise | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 6.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
| nvd | 4.0 | 2.1 | LOW | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | 2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
GHSA
A vulnerability was determined in FlowiseAI Flowise up to 3.1.2.
ghsa_unreviewed·2026-06-22
CVE-2026-12821 [LOW] CWE-22 A vulnerability was determined in FlowiseAI Flowise up to 3.1.2.
VulDB
FlowiseAI Flowise up to 3.1.2 S3 Document Loader S3.ts path traversal (EUVD-2026-38202)
vuldb·2026-06-21·CVSS 6.3
CVE-2026-12821 [MEDIUM] FlowiseAI Flowise up to 3.1.2 S3 Document Loader S3.ts path traversal (EUVD-2026-38202)
A vulnerability classified as critical was found in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal.
This vulnerability is registered as CVE-2026-12821. It is possible to launch the attack remotely. Furthermore, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
No detection rules found.
No public exploits indexed.
Unit42
Critical Vulnerabilities in Ivanti EPMM Exploited
blogs_unit42·2026-02-17·CVSS 9.8
CVE-2026-1281 [CRITICAL] Critical Vulnerabilities in Ivanti EPMM Exploited
## Critical Vulnerabilities in Ivanti EPMM Exploited
Justin Moore
Published: February 17, 2026
High Profile Threats
Vulnerabilities
CVE-2026-1281
CVE-2026-1340
Ivanti
Remote Code Execution
Reverse shells
## Executive Summary
Two critical zero-day vulnerabilities (CVE-2026-1281 and CVE-2026-1340) affecting Ivanti Endpoint Manager Mobile (EPMM) are being actively exploited in the wild, affecting enterprise mobile fleets and corporate networks. These vulnerabilities allow unauthenticated attackers to remotely execute arbitrary code on target servers, granting them full control over mobile device management (MDM) infrastructure without requiring user interaction or credentials.
Unit 42 has observed widespread exploitation of these vulnerabilities, including:
- Establishing a reverse shell
- Installing web shells
- Conducting reconnaissance
- Downloading malware
This campaign also affected the following sectors in the United States, Germany, Australia and Canada:
- State and local governme