Flowiseai Flowise vulnerabilities
80 known vulnerabilities affecting flowiseai/flowise.
Total CVEs
80
CISA KEV
0
Public exploits
8
Exploited in wild
5
Severity breakdown
CRITICAL24HIGH39MEDIUM16LOW1
Vulnerabilities
Page 3 of 4
CVE-2026-41271P3HIGHCVSS 8.3fixed in 3.1.02026-04-23
CVE-2026-41271 [HIGH] CWE-918 CVE-2026-41271: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems. By injecting maliciou
nvd
CVE-2026-43995P3CRITICALCVSS 9.8fixed in 3.1.02026-05-11
CVE-2026-43995 [CRITICAL] CWE-918 CVE-2026-43995: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients (node-fetch, axios) instead of using the secured wrapper. These tools include (1) OpenAPIToolkit/OpenAPIToolkit.ts, (2) WebScraperTool/WebScraperTool.ts, (3) MCP/core.ts,
nvd
CVE-2026-46440P3CRITICALCVSS 9.1fixed in 3.1.22026-06-08
CVE-2026-46440 [CRITICAL] CWE-522 CVE-2026-46440: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to ve
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2.
ghsanvd
CVE-2026-46478P3HIGHCVSS 8.8fixed in 3.1.22026-06-08
CVE-2026-46478 [HIGH] CWE-915 CVE-2026-46478: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to ve
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2.
ghsanvd
CVE-2026-46479P3HIGHCVSS 8.8fixed in 3.1.22026-06-08
CVE-2026-46479 [HIGH] CWE-915 CVE-2026-46479: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to ve
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2.
ghsanvd
CVE-2026-46477P3HIGHCVSS 8.8fixed in 3.1.22026-06-08
CVE-2026-46477 [HIGH] CWE-915 CVE-2026-46477: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to ve
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2.
ghsanvd
CVE-2026-46480P3HIGHCVSS 8.8fixed in 3.1.22026-06-08
CVE-2026-46480 [HIGH] CWE-915 CVE-2026-46480: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to ve
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2.
ghsanvd
CVE-2026-46475P3HIGHCVSS 8.8fixed in 3.1.22026-06-08
CVE-2026-46475 [HIGH] CWE-915 CVE-2026-46475: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to ve
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2.
ghsanvd
CVE-2026-46476P3HIGHCVSS 8.8fixed in 3.1.22026-06-08
CVE-2026-46476 [HIGH] CWE-915 CVE-2026-46476: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to ve
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2.
ghsanvd
CVE-2025-71337P3HIGHCVSS 8.3≤ 3.0.72026-06-23
CVE-2025-71337 [HIGH] CWE-620 CVE-2025-71337: Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vuln
Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vulnerability. An authenticated user can change the account email address, used as a login identifier and password-recovery channel, via the account profile endpoint without confirming the change to the original email address or re-entering the current pass
nvd
CVE-2026-56270P3HIGHCVSS 7.5fixed in 3.1.02026-06-24
CVE-2026-56270 [HIGH] CWE-306 CVE-2026-56270: Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability i
Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing authentication vulnerability in the /api/v1/loginmethod endpoint that allows unauthenticated users to retrieve an organization's complete SSO configuration, including OAuth client secrets in cleartext, by providing an organizationId parameter. Remote attackers can send a GET request
nvd
CVE-2026-41270P3HIGHCVSS 8.3fixed in 3.1.02026-04-23
CVE-2026-41270 [HIGH] CWE-284 CVE-2026-41270: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTP_DENY_LIST for axios and node-fetch libraries, the built-in Node.js http, https, an
nvd
CVE-2025-71324P3HIGHCVSS 7.5fixed in 3.0.62026-06-25
CVE-2025-71324 [HIGH] CWE-73 CVE-2025-71324: Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /a
Flowise before 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The chatId value is not validated and is passed to streamStorageFile(), where a fallback file-lookup path constructed without the orgId is evaluated after the storage-directory
nvd
CVE-2026-42863P3HIGHCVSS 8.1fixed in 3.1.22026-06-08
CVE-2026-42863 [HIGH] CWE-284 CVE-2026-42863: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to ve
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a ch
ghsanvd
CVE-2024-8182P3HIGHCVSS 7.5v1.8.22024-08-27
CVE-2024-8182 [HIGH] CWE-400 CVE-2024-8182: An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to
An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable version due to improper handling of user supplied input to the “/api/v1/get-upload-file” api endpoint.
ghsanvdosv
CVE-2026-41266P3HIGHCVSS 7.5fixed in 3.1.02026-04-23
CVE-2026-41266 [HIGH] CWE-200 CVE-2026-41266: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker with knowledge just of a chatflow UUID can retrieve credentials stored in p
nvd
CVE-2026-56268P3HIGHCVSS 7.7fixed in 3.1.22026-06-22
CVE-2026-56268 [HIGH] CWE-863 CVE-2026-56268: Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apike
Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted (the default), the endpoint returns not only the chatflows bound to the supplied API key but also all chatflows across every workspace that have no API key assigned, because the underlying
nvd
CVE-2025-29189P3HIGHCVSS 7.6≤ 2.2.32025-04-09
CVE-2025-29189 [HIGH] CWE-89 CVE-2025-29189: Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName parameter at Postgres_VectorStores.
Flowise <= 2.2.3 is vulnerable to SQL Injection. via tableName parameter at Postgres_VectorStores.
nvd
CVE-2026-41278P3HIGHCVSS 7.5fixed in 3.1.02026-04-23
CVE-2026-41278 [HIGH] CWE-200 CVE-2026-41278: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the sanitizeFlowDataForPublicEndpoint function does NOT exis
nvd
CVE-2026-41275P3HIGHCVSS 7.5fixed in 3.1.02026-04-23
CVE-2026-41275 [HIGH] CWE-319 CVE-2026-41275: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle (MITM) attack, where an attacker on the same network as
nvd