cbcvebase.
CVE-2026-30821
published 2026-03-07


Priority: P2 (77) · Severity: critical · CVSS 3.1 base score: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 18.33% (96.9th percentile)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /api/v1/attachments/:chatflowId/:chatId endpoint is listed in WHITELIST_URLS, allowing unauthenticated access to the file upload API. While the server validates uploads based on the MIME types defined in chatbotConfig.fullFileUpload.allowedUploadFileTypes, it implicitly trusts the client-provided Content-Type header (file.mimetype) without verifying the file's actual content (magic bytes) or extension (file.originalname). Consequently, an attacker can bypass this restriction by spoofing the Content-Type as a permitted type (e.g., application/pdf) while uploading malicious scripts or arbitrary files. Once uploaded via addArrayFilesToStorage, these files persist in backend storage (S3, GCS, or local disk). This vulnerability serves as a critical entry point that, when chained with other features like static hosting or file retrieval, can lead to Stored XSS, malicious file hosting, or Remote Code Execution (RCE). This issue has been patched in version 3.0.13.

Affected (2 ranges)

Vendor      Product   Version range    Fixed in
flowiseai   flowise   < 3.0.13         3.0.13
flowiseai   flowise   >= 0 < 3.0.13    3.0.13

Detection & IOCs (extracted from sources)

URL: /api/v1/attachments/:chatflowId/:chatId
  • Monitor unauthenticated POST requests to /api/v1/attachments/ endpoint — no auth token required due to WHITELIST_URLS bypass
  • Detect Content-Type spoofing: flag uploads where the declared MIME type (e.g., application/pdf) does not match the file's actual magic bytes or file extension
  • Alert on unexpected file types (e.g., scripts, executables) persisted in backend storage (S3, GCS, or local disk) via the addArrayFilesToStorage function
  • The upload MIME type allowlist is defined in chatbotConfig.fullFileUpload.allowedUploadFileTypes — this server-side config is bypassable via Content-Type spoofing and does NOT constitute a reliable security control without magic-byte validation
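The description above and the detection notes both come down to one defect: the allowlist is compared against the client-declared `file.mimetype`. The following is an added example (not Flowise code) that puts that weak check beside a hardened one which also verifies the extension and the file's leading bytes; the `file` shape (`originalname`, `mimetype`, `buffer`) and the function names are assumptions, and the sample uploads are constructed.

```javascript
// Added example, not Flowise code. Signatures for a few common upload types:
// leading bytes and the extensions they are allowed to carry.
const MAGIC = {
  'application/pdf': { bytes: [0x25, 0x50, 0x44, 0x46], exts: ['.pdf'] }, // "%PDF"
  'image/png':       { bytes: [0x89, 0x50, 0x4e, 0x47], exts: ['.png'] },
  'image/jpeg':      { bytes: [0xff, 0xd8, 0xff],       exts: ['.jpg', '.jpeg'] },
};

// Weak pattern (what the advisory describes): the only input is file.mimetype,
// which is whatever Content-Type the client chose to send.
function isAllowedByDeclaredType(file, allowedTypes) {
  return allowedTypes.includes(file.mimetype);
}

function extensionOf(name) {
  const idx = name.lastIndexOf('.');
  return idx === -1 ? '' : name.slice(idx).toLowerCase();
}

function startsWithBytes(buf, bytes) {
  if (buf.length < bytes.length) return false;
  return bytes.every((b, i) => buf[i] === b);
}

// Hardened check: the declared type must be allowed AND have a known signature,
// the extension must belong to that type, and the content must start with the
// type's magic bytes. Any mismatch is rejected with the reason for logging.
function validateUpload(file, allowedTypes) {
  const { mimetype, originalname, buffer } = file;
  if (!allowedTypes.includes(mimetype)) return { ok: false, reason: 'type not allowed' };
  const sig = MAGIC[mimetype];
  if (!sig) return { ok: false, reason: 'no signature known for declared type' };
  if (!sig.exts.includes(extensionOf(originalname))) return { ok: false, reason: 'extension mismatch' };
  if (!startsWithBytes(buffer, sig.bytes)) return { ok: false, reason: 'magic bytes mismatch' };
  return { ok: true, reason: 'ok' };
}

// Constructed samples: non-PDF content declared as application/pdf, once with
// its real extension and once renamed to .pdf, plus a genuine PDF header.
const allowed = ['application/pdf'];
const spoofedType = { originalname: 'page.html', mimetype: 'application/pdf', buffer: Buffer.from('<html>not a pdf</html>') };
const spoofedBoth = { originalname: 'page.pdf',  mimetype: 'application/pdf', buffer: Buffer.from('<html>not a pdf</html>') };
const realPdf     = { originalname: 'report.pdf', mimetype: 'application/pdf', buffer: Buffer.from('%PDF-1.7\n') };
```

The weak check accepts all three samples; the hardened check rejects the first on extension, the second on magic bytes, and accepts only the real PDF.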

CVSS provenance

NVD, CVSS v3.1: 9.8 CRITICAL
  CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v4.0: 8.2 HIGH
  CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X