Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Group: cwe Tag: flowise Clear
ID Title
CVE-2026-56278 Vulnerability in express (CVE-2026-56278)
vulnerability in express (CVE-2026-56278). Confidential information can be exposed externally.
CVE-2026-58057 Vulnerability in flowiseai (CVE-2026-58057)
vulnerability in flowiseai (CVE-2026-58057). Risk of unauthorized operations or information disclosure.
CVE-2025-71334 Vulnerability in flowiseai (CVE-2025-71334)
vulnerability in flowiseai (CVE-2025-71334). Successful exploitation can lead to full system takeover.
CVE-2025-71336 OS Command Injection in flowiseai (CVE-2025-71336)
OS command injection in flowiseai (CVE-2025-71336). Successful exploitation can lead to full system takeover.
CVE-2025-71338 Vulnerability in path-traversal (CVE-2025-71338)
vulnerability in path-traversal (CVE-2025-71338). Successful exploitation can lead to full system takeover.
CVE-2025-71333 Vulnerability in path-traversal (CVE-2025-71333)
vulnerability in path-traversal (CVE-2025-71333). Successful exploitation can lead to full system takeover.
CVE-2025-71327 Vulnerability in flowiseai (CVE-2025-71327)
vulnerability in flowiseai (CVE-2025-71327). Confidential information can be exposed externally.
CVE-2025-71324 Vulnerability in path-traversal (CVE-2025-71324)
vulnerability in path-traversal (CVE-2025-71324). Confidential information can be exposed externally.
CVE-2026-56275 SSRF (Server-Side Request Forgery) in flowiseai (CVE-2026-56275)
SSRF in flowiseai (CVE-2026-56275). Confidential information can be exposed externally.
CVE-2026-56274 OS Command Injection in flowiseai (CVE-2026-56274)
OS command injection in flowiseai (CVE-2026-56274). Successful exploitation can lead to full system takeover.
CVE-2025-71331 Vulnerability in flowiseai (CVE-2025-71331)
vulnerability in flowiseai (CVE-2025-71331). Risk of unauthorized operations or information disclosure.
CVE-2026-56268 Authorization Flaw in flowise (CVE-2026-56268)
vulnerability in flowise (CVE-2026-56268). Confidential information can be exposed externally. Exploitable via ``keyonly``. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46444 Vulnerability in flowise (CVE-2026-46444)
vulnerability in flowise (CVE-2026-46444). Successful exploitation can lead to full system takeover. Exploitable via ``WHITELIST_URLS``. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46443 Information Disclosure in flowise (CVE-2026-46443)
vulnerability in flowise (CVE-2026-46443). Confidential information can be exposed externally. Exploitable via ``credentialName``. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46442 Code Injection in flowise (CVE-2026-46442)
code injection in flowise (CVE-2026-46442). Successful exploitation can lead to full system takeover. Exploitable via `POST /api/v1/node-custom-function`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46441 Vulnerability in flowise (CVE-2026-46441)
vulnerability in flowise (CVE-2026-46441). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/assistants/{assistantId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-46440 Vulnerability in flowise (CVE-2026-46440)
vulnerability in flowise (CVE-2026-46440). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42863 Vulnerability in flowise (CVE-2026-42863)
vulnerability in flowise (CVE-2026-42863). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/chatflows/{chatflowId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42862 Vulnerability in flowise (CVE-2026-42862)
vulnerability in flowise (CVE-2026-42862). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /api/v1/tools/{toolId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-42861 Vulnerability in flowise (CVE-2026-42861)
vulnerability in flowise (CVE-2026-42861). Confidential information can be exposed externally. Exploitable via `PUT /api/v1/variables/{variableId}`. Mitigation: upgrade to `3.1.2` or later.
CVE-2026-43995 SSRF (Server-Side Request Forgery) in flowise (CVE-2026-43995)
SSRF in flowise (CVE-2026-43995). Successful exploitation can lead to full system takeover. Exploitable via ``httpSecurity.ts``. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-56269 Vulnerability in flowise (CVE-2026-56269)
vulnerability in flowise (CVE-2026-56269). Confidential information can be exposed externally. Mitigation: upgrade to `3.1.0` or later.
CVE-2026-56270 Vulnerability in flowise (CVE-2026-56270)
vulnerability in flowise (CVE-2026-56270). Confidential information can be exposed externally. Exploitable via `GET /api/v1/loginmethod`. Mitigation: upgrade to `3.1.0` or later.
CVE-2025-71332 SQL Injection in flowise (CVE-2025-71332)
SQL injection in flowise (CVE-2025-71332). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →