CVE-2026-31829
published 2026-03-10


Priority: P2 · 64
Severity: high, 8.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.30% (81.1th percentile)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges (RFC 1918), localhost, or cloud metadata endpoints. This enables Server-Side Request Forgery (SSRF), allowing any user interacting with a publicly exposed chatflow to force the Flowise server to make requests to internal network resources that are inaccessible from the public internet. This vulnerability is fixed in 3.0.13.

Affected

2 ranges

Vendor      Product   Version range     Fixed in
flowiseai   flowise   < 3.0.13          3.0.13
flowiseai   flowise   >= 0, < 3.0.13    3.0.13

Detection & IOCs (extracted from sources)

  • Monitor for server-side HTTP requests originating from the Flowise server targeting private/internal IP ranges (RFC 1918), localhost, or cloud metadata endpoints — indicative of SSRF exploitation via the HTTP Node in AgentFlow or Chatflow.
  • Alert on outbound HTTP requests from the Flowise server process to internal network resources that would not normally be reachable from the public internet, triggered by user-controlled URL input in chatflow interactions.
  • Flag Flowise deployments running versions prior to 3.0.13 as vulnerable to SSRF via the HTTP Node feature in AgentFlow and Chatflow.
  • The SSRF vulnerability exists because there are no default restrictions on target hosts. Exploitation requires a publicly exposed Flowise chatflow with the HTTP Node enabled; environments with network egress controls or allowlist-based outbound filtering may limit impact.
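As an added example (not Flowise's own code), a deny-by-default target-host check of the kind the advisory says was missing before 3.0.13: it refuses literal addresses in RFC 1918, loopback, link-local and other non-routable ranges, plus well-known internal names, before a server-side HTTP node is allowed to fetch the URL. The blocked-name list is an assumption, and the code relies on Node's WHATWG URL parser to canonicalise IPv4 literals.

```javascript
// Added example, not Flowise project code: a deny-by-default target check for
// a server-side HTTP node. It refuses literal addresses in loopback, private
// (RFC 1918), link-local (where cloud metadata services live) and other
// non-routable ranges, plus well-known internal hostnames. Public hostnames
// pass here and must still be resolved and re-checked at connect time.

// IPv4 blocks that a public-facing chatflow should never be able to reach.
const BLOCKED_V4 = [
  ["0.0.0.0", 8], ["10.0.0.0", 8], ["100.64.0.0", 10], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["172.16.0.0", 12], ["192.168.0.0", 16],
];
// Names treated as internal regardless of what they resolve to (assumed list).
const BLOCKED_NAMES = new Set(["localhost", "metadata.google.internal"]);

function ipv4ToInt(ip) {
  return ip.split(".").reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

function inRange(ip, [base, bits]) {
  const mask = (~0 << (32 - bits)) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

function blockedV6(ip) {
  if (ip === "::1" || ip === "::") return true;                 // loopback, unspecified
  const first = parseInt(ip.split(":")[0] || "0", 16);          // leading 16-bit group
  if ((first & 0xffc0) === 0xfe80 || (first & 0xfe00) === 0xfc00) return true; // fe80::/10, fc00::/7
  // IPv4-mapped (::ffff:a.b.c.d) is serialised by the URL parser as two hex groups.
  const m = ip.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (!m) return false;
  const n = (parseInt(m[1], 16) << 16) | parseInt(m[2], 16);
  const dotted = [n >>> 24, (n >>> 16) & 255, (n >>> 8) & 255, n & 255].join(".");
  return BLOCKED_V4.some((r) => inRange(dotted, r));
}

function isBlockedTarget(urlString) {
  let url;
  try { url = new URL(urlString); } catch { return true; }     // unparseable: refuse
  if (url.protocol !== "http:" && url.protocol !== "https:") return true;
  // WHATWG parsing already canonicalises IPv4 forms such as 2130706433 or
  // 0x7f.0.0.1 to dotted decimal, so the range checks see one representation.
  const host = url.hostname;
  if (host.startsWith("[")) return blockedV6(host.slice(1, -1).toLowerCase());
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) return BLOCKED_V4.some((r) => inRange(host, r));
  if (BLOCKED_NAMES.has(host) || host.endsWith(".localhost") || host.endsWith(".internal")) return true;
  return false; // public name: resolve and re-check the resolved address before connecting
}
```

A literal check alone does not stop a public name that resolves to an internal address, so the resolved address must be validated against the same ranges at connect time.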