Flowiseai Flowise vulnerabilities
80 known vulnerabilities affecting flowiseai/flowise.
Total CVEs
80
CISA KEV
0
Public exploits
8
Exploited in wild
5
Severity breakdown
CRITICAL24HIGH39MEDIUM16LOW1
Vulnerabilities
Page 4 of 4
CVE-2026-41279P3HIGHCVSS 7.5fixed in 3.1.02026-04-23
CVE-2026-41279 [HIGH] CWE-639 CVE-2026-41279: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId directly in the request body. When called without a chatflowId, the endpoint uses the provided credentialId to decrypt
nvd
CVE-2026-41272P3HIGHCVSS 7.1fixed in 3.1.02026-04-23
CVE-2026-41272 [HIGH] CWE-918 CVE-2026-41272: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding (Time-of-Check Time-of
nvd
CVE-2026-12821P3MEDIUMCVSS 6.3v3.1.0v3.1.1+1 more2026-06-22
CVE-2026-12821 [MEDIUM] CWE-22 CVE-2026-12821: A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown
A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The vendor was contacted early about this dis
nvd
CVE-2026-56275P3HIGHCVSS 7.1fixed in 3.1.02026-06-23
CVE-2026-56275 [HIGH] CWE-918 CVE-2026-56275: Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node t
Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud metadata, and enumerate internal services by exploiting the m
nvd
CVE-2025-57164P3MEDIUMCVSS 6.5v3.0.52025-10-17
CVE-2025-57164 [MEDIUM] CWE-77 CVE-2025-57164: Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user inp
Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field.
ghsanvdosv
CVE-2026-46443P3MEDIUMCVSS 6.5fixed in 3.1.22026-06-08
CVE-2026-46443 [MEDIUM] CWE-200 CVE-2026-46443: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to ve
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code properly omits encryptedData when no filter is used but fails to do so when a filter is used. This is
ghsanvd
CVE-2025-50538P3MEDIUMCVSS 6.1fixed in 3.0.52025-10-06
CVE-2025-50538 [MEDIUM] CWE-79 CVE-2025-50538: Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.
Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.
ghsanvdosv
CVE-2026-8026P4MEDIUMCVSS 5.3≤ 3.0.12v3.0.0+12 more2026-05-06
CVE-2026-8026 [MEDIUM] CWE-200 CVE-2026-8026: A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Logi
A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched remotely. A high complexity level is associated with this atta
ghsanvd
CVE-2026-42862P4MEDIUMCVSS 5.0fixed in 3.1.22026-06-08
CVE-2026-42862 [MEDIUM] CWE-284 CVE-2026-42862: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to ve
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a tool resourc
ghsanvd
CVE-2024-37145P4MEDIUMCVSS 6.1≤ 1.4.32024-07-01
CVE-2024-37145 [MEDIUM] CWE-79 CVE-2024-37145: Flowise is a drag & drop user interface to build a customized large language model flow. In version
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/chatflows-streaming/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a specially crafted URL that injects Javas
ghsanvdosv
CVE-2024-36422P4MEDIUMCVSS 6.1v1.4.3≤ 1.4.32024-07-01
CVE-2024-36422 [MEDIUM] CWE-79 CVE-2024-36422: Flowise is a drag & drop user interface to build a customized large language model flow. In version
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `api/v1/chatflows/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a specially crafted URL that injects Javascript into
ghsanvdosv
CVE-2024-37146P4MEDIUMCVSS 6.1≤ 1.4.32024-07-01
CVE-2024-37146 [MEDIUM] CWE-79 CVE-2024-37146: Flowise is a drag & drop user interface to build a customized large language model flow. In version
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/credentials/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a specially crafted URL that injects Javascript in
ghsanvdosv
CVE-2024-36423P4MEDIUMCVSS 6.1≤ 1.4.32024-07-01
CVE-2024-36423 [MEDIUM] CWE-79 CVE-2024-36423: Flowise is a drag & drop user interface to build a customized large language model flow. In version
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the `/api/v1/public-chatflows/id` endpoint. If the default configuration is used (unauthenticated), an attacker may be able to craft a specially crafted URL that injects Javascri
ghsanvdosv
CVE-2024-9148P4MEDIUMCVSS 6.1fixed in 2.1.12024-09-25
CVE-2024-9148 [MEDIUM] CWE-79 CVE-2024-9148: Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization i
Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.
ghsanvdosv
CVE-2025-29192P4MEDIUMCVSS 6.1fixed in 3.0.52025-10-06
CVE-2025-29192 [MEDIUM] CWE-79 CVE-2025-29192: Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat
Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.
ghsanvdosv
CVE-2025-71331P4MEDIUMCVSS 6.1fixed in 3.0.82026-06-20
CVE-2025-71331 [MEDIUM] CWE-80 CVE-2025-71331: Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient inpu
Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload (e.g., ) in a chat box, or by having a custom agent function return an XSS payload from an external website. The injected
nvd
CVE-2026-56269P4MEDIUMCVSS 4.6fixed in 3.1.02026-06-24
CVE-2026-56269 [MEDIUM] CWE-798 CVE-2026-56269: Flowise before 3.1.0 (npm package flowise, versions 3.0.13 and earlier) uses a weak hardcoded defaul
Flowise before 3.1.0 (npm package flowise, versions 3.0.13 and earlier) uses a weak hardcoded default value 'Secre$t' for the TOKEN_HASH_SECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key used to encrypt user IDs and workspace IDs in the '
nvd
CVE-2026-8027P4MEDIUMCVSS 4.3≤ 3.0.12v3.0.0+12 more2026-05-06
CVE-2026-8027 [MEDIUM] CWE-285 CVE-2026-8027: A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is
A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated remotely. The affected component should be upgraded.
nvd
CVE-2026-56272P4MEDIUMCVSS 4.1fixed in 3.0.132026-06-24
CVE-2026-56272 [MEDIUM] CWE-916 CVE-2026-56272: Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instea
Flowise before 3.0.13 uses bcrypt with default salt rounds of 5, providing only 32 iterations instead of the OWASP-recommended minimum of 10 rounds. Attackers can crack password hashes approximately 30 times faster with modern GPU hardware, potentially compromising all user accounts in a database breach scenario.
nvd
CVE-2026-8028P4LOWCVSS 3.7≤ 3.0.12v3.0.0+12 more2026-05-06
CVE-2026-8028 [LOW] CWE-200 CVE-2026-8028: A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of
A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It i
nvd
← Previous4 / 4