Flowise — Vulnerabilities & Security Advisories 42

All 42 CVE vulnerabilities found in Flowise, with AI-generated Chinese analysis, references, and POCs.

Vendor: FlowiseAI

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-41274 | Flowise: Cypher Injection in GraphCypherQAChain | CWE-943 | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41264 | Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability | CWE-184 | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41265 | Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability | CWE-77 | 9.6 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41279 | Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials | CWE-639 | 8.2 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41278 | Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs | CWE-200 | 7.5 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41276 | Flowise: AccountService resetPassword Authentication Bypass Vulnerability | CWE-287 | 7.4 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41277 | Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR) | CWE-284 | 8.8 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41275 | Flowise: Password Reset Link Sent Over Unsecured HTTP | CWE-319 | 6.8 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2026-41273 | Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow | CWE-306 | 7.5 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41271 | Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains | CWE-918 | 8.6 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41272 | Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure) | CWE-918 | 7.1 | High | 2026-04-23 |
| CVE-2026-41270 | Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox | CWE-284 | 7.1 | High | 2026-04-23 |
| CVE-2026-41269 | Flowise: File Upload Validation Bypass in createAttachment | CWE-434 | 7.1 | High | 2026-04-23 |
| CVE-2026-41268 | Flowise: Flowise Parameter Override Bypass Remote Command Execution | CWE-20 | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41267 | Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association | CWE-639 | 8.1 | High | 2026-04-23 |
| CVE-2026-41266 | Flowise: Sensitive Data Leak in public-chatbotConfig | CWE-200 | 9.1 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41137 | Flowise: Code Injection in CSVAgent leads to Authenticated RCE | CWE-94 | 8.8 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41138 | Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. | CWE-94 | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-40933 | Flowise: Authenticated RCE Via MCP Adapters | CWE-78 | 10.0 | Critical | 2026-04-21 |
| CVE-2026-31829 | Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access | CWE-918 | 7.1 | High | 2026-03-10 |
| CVE-2026-30824 | Flowise: Missing Authentication on NVIDIA NIM Endpoints | CWE-306 | 10.0 | - | 2026-03-07 |
| CVE-2026-30823 | Flowise: IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration | CWE-639 | 8.1 | - | 2026-03-07 |
| CVE-2026-30822 | Flowise: Mass Assignment in `/api/v1/leads` Endpoint | CWE-915 | 5.3 | - | 2026-03-07 |
| CVE-2026-30821 | Flowise: Arbitrary File Upload via MIME Spoofing | CWE-434 | 9.8 | - | 2026-03-07 |
| CVE-2026-30820 | Flowise Authorization Bypass via Spoofed x-request-from Header | CWE-863 | 8.8 | - | 2026-03-07 |
| CVE-2025-34267 | Flowise Authenticated Command Execution and Sandbox Bypass via Puppeteer & Playwright Packages | CWE-77 | 9.9 (AI) | Critical (AI) | 2025-10-14 |
| CVE-2025-61913 | Flowise is vulnerable to arbitrary file read, arbitrary file write | CWE-22 | 10.0 | Critical | 2025-10-08 |
| CVE-2025-61687 | FlowiseAI/Flosise has File Upload vulnerability | CWE-434 | 8.3 | High | 2025-10-06 |
| CVE-2025-50538 | Flowise security vulnerability | CWE-79 | 8.2 | High | 2025-10-06 |
| CVE-2025-29192 | Flowise security vulnerability | CWE-79 | 8.2 | High | 2025-10-06 |
