
Flowiseai Flowise vulnerabilities

80 known vulnerabilities affecting flowiseai/flowise.

Total CVEs: 80
CISA KEV: 0
Public exploits: 8
Exploited in wild: 5
Severity breakdown: CRITICAL 24, HIGH 39, MEDIUM 16, LOW 1

Vulnerabilities

Page 2 of 4

CVE | Priority | Severity | CVSS | CWE | Fix / affected version | Date | Sources
CVE-2026-41265 | P2 | CRITICAL | CVSS 9.8 | CWE-77 | fixed in 3.1.0 | 2026-04-23 | Sources: NVD
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the Airtable_Agents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt injection techniques, an unauthenticated attacker with
CVE-2026-30822 | P2 | HIGH | CVSS 7.7 | CWE-915 | fixed in 3.0.13 | 2026-03-07 | Sources: GHSA, NVD, OSV
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauthenticated users can inject arbitrary values into internal database fields when creating leads. This issue has been patched in version 3.0.13.
CVE-2026-41267 | P2 | CRITICAL | CVSS 9.8 | CWE-639 | fixed in 3.1.0 | 2026-04-23 | Sources: NVD
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment (JSON injection) vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed fields and nested objects during account creation. This enables client-co
CVE-2026-31829 | P2 | HIGH | CVSS 8.8 | CWE-918 | fixed in 3.0.13 | 2026-03-10 | Sources: GHSA, NVD, OSV
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges (RFC 1918), localhost, or cloud
CVE-2025-59434 | P2 | CRITICAL | CVSS 9.6 | CWE-200 | fixed in cloud-hosted (as of Aug 2025) | 2025-09-22 | Sources: NVD
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerability in Flowise Cloud allows any user on the free tier to access sensitive environment variables from other tenants via the Custom JavaScript Function node. This includes secrets such as Open
CVE-2026-41138 | P2 | HIGH | CVSS 8.8 | CWE-94 | fixed in 3.1.0 | 2026-04-23 | Sources: GHSA, NVD
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user's input is directly applied to the question parameter within the prompt template and it is reflected to the Python co
CVE-2026-41274 | P2 | CRITICAL | CVSS 9.8 | CWE-943 | fixed in 3.1.0 | 2026-04-23 | Sources: NVD
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enablin
CVE-2026-46441 | P2 | CRITICAL | CVSS 9.6 | CWE-284 | fixed in 3.1.2 | 2026-06-08 | Sources: GHSA, NVD
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assi
CVE-2026-42861 | P2 | CRITICAL | CVSS 9.6 | CWE-284 | fixed in 3.1.2 | 2026-06-08 | Sources: GHSA, NVD
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variab
CVE-2026-41137 | P2 | HIGH | CVSS 8.8 | CWE-94 | fixed in 3.1.0 | 2026-04-23 | Sources: NVD
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide a command injection payload that will get interpolated and executed by the server. This vulnerability is fixed in 3.1.0.
CVE-2026-30820 | P2 | HIGH | CVSS 8.8 | CWE-863 | fixed in 3.0.13 | 2026-03-07 | Sources: GHSA, NVD, OSV
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowise trusts any HTTP client that sets the header x-request-from: internal, allowing an authenticated tenant session to bypass all /api/v1/** authorization checks. With only a browser cookie, a low-privilege tenant can invoke internal ad
CVE-2024-36421 | P3 | HIGH | CVSS 7.5 | CWE-346 | affected: v1.4.3 (≤ 1.4.3) | 2024-07-01 | Sources: GHSA, NVD, OSV
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In the default configuration (unauthenticated), arbitrary origins may be able to make requests to Flowise,
CVE-2026-41269 | P3 | HIGH | CVSS 8.8 | CWE-434 | fixed in 3.1.0 | 2026-04-23 | Sources: NVD
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn't normally allow JavaScript uploads. This enables attackers to pers
CVE-2025-71328 | P3 | HIGH | CVSS 8.8 | CWE-620 | fixed in 3.0.10 | 2026-06-25 | Sources: NVD
Flowise before 3.0.10 contains an unverified password change vulnerability. An authenticated user can change their account password through the account settings (Security) section without supplying the current password or any additional verification, as the application does not enforce a current-password check on the credential change. This can lead t
CVE-2026-41273 | P3 | HIGH | CVSS 8.2 | CWE-306 | fixed in 3.1.0 | 2026-04-23 | Sources: NVD
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public chatflow. By accessing a public chatflow configuration endpoint, an attacker can retrieve int
CVE-2026-46444 | P3 | HIGH | CVSS 8.8 | CWE-862 | fixed in 3.1.2 | 2026-06-08 | Sources: GHSA, NVD
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELIST_URLS. However, it is also not protected by the main auth middleware when a
CVE-2026-30823 | P3 | HIGH | CVSS 8.8 | CWE-639 | fixed in 3.0.13 | 2026-03-07 | Sources: GHSA, NVD, OSV
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to account takeover and enterprise feature bypass via SSO configuration. This issue has been patched in version 3.0.13.
CVE-2025-59527 | P3 | HIGH | CVSS 7.5 | CWE-918 | affected: v3.0.5 (= 3.0.5) | 2025-09-22 | Sources: GHSA, NVD, OSV
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services an
CVE-2026-41277 | P3 | HIGH | CVSS 8.8 | CWE-284 | fixed in 3.1.0 | 2026-04-23 | Sources: NVD
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key (id) and internal state fields of DocumentStore entities. Because the service uses repository.save() with a client-supplied
CVE-2025-71332 | P3 | HIGH | CVSS 8.8 | CWE-89 | affected: ≤ 2.2.7 | 2026-06-24 | Sources: NVD
Flowise through 2.2.7 contains a SQL injection vulnerability in the importChatflows API. Due to insufficient validation of the chatflow.id value, an authenticated user can supply a crafted JSON import file whose id field is concatenated unsanitized into a SQL IN clause, allowing arbitrary SQL to be executed, including blind and error-based extraction o