Flowiseai Flowise vulnerabilities
80 known vulnerabilities affecting flowiseai/flowise.
Total CVEs
80
CISA KEV
0
Public exploits
8
Exploited in wild
5
Severity breakdown
CRITICAL24HIGH39MEDIUM16LOW1
Vulnerabilities
Page 1 of 4
CVE-2025-59528P1CRITICALCVSS 10.0ExploitedPoCv3.0.5v= 3.0.52025-09-22
CVE-2025-59528 [CRITICAL] CWE-94 CVE-2025-59528: Flowise is a drag & drop user interface to build a customized large language model flow. In version
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided mcpServerConfig string to build the MCP server configur
ghsanvdosv
CVE-2025-8943P1CRITICALCVSS 9.8ExploitedPoCfixed in 3.0.12025-08-14
CVE-2025-8943 [CRITICAL] CWE-306 CVE-2025-8943: The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to
The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. However, Flowise's inherent authentication and authorization model is minimal and lacks role-based access controls (RBAC). Furthermore, in Flowise versions before 3.0.1 the default installation operates without authentication
ghsanvdosv
CVE-2025-26319P1CRITICALCVSS 9.8ExploitedPoCv2.2.6≥ 3.0.1, ≤ 3.0.82025-03-04
CVE-2025-26319 [CRITICAL] CWE-434 CVE-2025-26319: FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.
ghsanvdosv
CVE-2024-8181P1HIGHCVSS 8.1ExploitedPoCv1.8.22024-08-27
CVE-2024-8181 [HIGH] CWE-287 CVE-2024-8181: An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, u
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.
ghsanvdosv
CVE-2025-55346P1CRITICALExploited≥ 0, ≤ 2.2.7-patch.12025-10-06
CVE-2025-55346 [CRITICAL] CWE-627 Flowise vulnerable to RCE via Dynamic function constructor injection
Flowise vulnerable to RCE via Dynamic function constructor injection
### Summary
User-controlled input flows to an unsafe implementaion of a dynamic Function constructor , allowing a malicious actor to run JS code in the context of the host (not sandboxed) leading to RCE.
### Details
When creating a new `Custom MCP` Chatflow in the platform, the MCP Server Config displays a placeholder hintin
ghsaosv
CVE-2025-58434P1CRITICALCVSS 9.8PoCfixed in 3.0.6≤ 3.0.52025-09-12
CVE-2025-58434 [CRITICAL] CWE-306 CVE-2025-58434: Flowise is a drag & drop user interface to build a customized large language model flow. In version
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the `forgot-password` endpoint in Flowise returns sensitive information including a valid password reset `tempToken` without authentication or verification. This enables any attacker to generate a reset token for arbitrary users an
ghsanvdosv
CVE-2026-30824P1CRITICALCVSS 9.8PoCfixed in 3.0.132026-03-07
CVE-2026-30824 [CRITICAL] CWE-306 CVE-2026-30824: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to ve
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM router (/api/v1/nvidia-nim/*) is whitelisted in the global authentication middleware, allowing unauthenticated access to privileged container management and token generation endpoints. This issue has been patched in vers
ghsanvdosv
CVE-2024-31621P2HIGHCVSS 7.6PoC≤ 1.6.52024-04-29
CVE-2024-31621 [HIGH] CWE-94 CVE-2024-31621: An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary c
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.
ghsanvdosv
CVE-2026-41268P1CRITICALCVSS 9.8fixed in 3.1.02026-04-23
CVE-2026-41268 [CRITICAL] CWE-20 CVE-2026-41268: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution (RCE) vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined with a NODE_OPTIONS environment variable injection. T
nvd
CVE-2026-30821P2CRITICALCVSS 9.8fixed in 3.0.132026-03-07
CVE-2026-30821 [CRITICAL] CWE-434 CVE-2026-30821: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to ve
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /api/v1/attachments/:chatflowId/:chatId endpoint is listed in WHITELIST_URLS, allowing unauthenticated access to the file upload API. While the server validates uploads based on the MIME types defined in chatbotConfig.fullFileUploa
ghsanvdosv
CVE-2026-41276P2CRITICALCVSS 9.8fixed in 3.1.02026-04-23
CVE-2026-41276 [CRITICAL] CWE-287 CVE-2026-41276: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the resetPassword method of the Ac
nvd
CVE-2025-61913P2CRITICALCVSS 9.9fixed in 3.0.82025-10-08
CVE-2025-61913 [CRITICAL] CWE-22 CVE-2025-61913: Flowise is a drag & drop user interface to build a customized large language model flow. In versions
Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any path in the file system, potentially leading to remot
ghsanvdosv
CVE-2026-56274P2CRITICALCVSS 9.9fixed in 3.1.22026-06-23
CVE-2026-56274 [CRITICAL] CWE-78 CVE-2026-56274: Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server
Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions for chatflows, can configure a malicious MCP server to
nvd
CVE-2025-61687P2HIGHCVSS 8.8v3.0.7v= 3.0.72025-10-06
CVE-2025-61687 [HIGH] CWE-434 CVE-2025-61687: Flowise is a drag & drop user interface to build a customized large language model flow. A file uplo
Flowise is a drag & drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Ex
ghsanvdosv
CVE-2024-36420P3HIGHCVSS 7.5PoCv1.4.3≤ 1.4.32024-07-01
CVE-2024-36420 [HIGH] CWE-74 CVE-2024-36420: Flowise is a drag & drop user interface to build a customized large language model flow. In version
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the `/api/v1/openai-assistants-file` endpoint in `index.ts` is vulnerable to arbitrary file read due to lack of sanitization of the `fileName` body parameter. No known patches for this issue are available.
ghsanvdosv
CVE-2025-71327P2CRITICALCVSS 9.1v3.0.12026-06-25
CVE-2025-71327 [CRITICAL] CWE-306 CVE-2025-71327: Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register
Flowise contains an authentication bypass vulnerability in the unprotected /api/v1/account/register endpoint that allows unauthenticated attackers to create user accounts. Remote attackers can exploit this endpoint to register arbitrary accounts and authenticate to the system, gaining full API access without credentials.
nvd
CVE-2026-40933P2CRITICALCVSS 9.9fixed in 3.1.02026-04-21
CVE-2026-40933 [CRITICAL] CWE-78 CVE-2026-40933: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerability lies in a bug in the input sanitization from the “C
ghsanvd
CVE-2025-34267P2CRITICALCVSS 9.9≥ 3.0.1, < 3.0.82025-10-14
CVE-2025-34267 [CRITICAL] CVE-2025-34267: Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authentica
Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vulnerability and node VM sandbox escape due to insecure use of integrated modules (Puppeteer and Playwright) within the nodevm execution environment. An authenticated attacker able to create or run a tool that leverages Puppeteer/
ghsanvdosv
CVE-2026-46442P2CRITICALCVSS 9.9fixed in 3.1.22026-06-08
CVE-2026-46442 [CRITICAL] CWE-94 CVE-2026-46442: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to ve
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When E2B_APIKEY is not configured — the common deployment case —
ghsanvd
CVE-2026-41264P2CRITICALCVSS 9.8fixed in 3.1.02026-04-23
CVE-2026-41264 [CRITICAL] CWE-184 CVE-2026-41264: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSV_Agents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. An attacker can leverage this vulnerability to execute code in the cont
ghsanvd
1 / 4Next →