Flowise
CVE-2025-26319
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3DescriptionCVE.org
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.
AnalysisAI
FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Unauthenticated attackers can upload malicious files including executable scripts, achieving remote code execution on the Flowise server.
Technical ContextAI
The /api/v1/attachments API endpoint allows file uploads without authentication or file type validation. An attacker can upload a .js, .py, or other executable file type. Depending on the server configuration and how uploaded files are served, this can lead to server-side code execution. Even without direct execution, uploaded files can overwrite application files or be used for phishing.
RemediationAI
Update Flowise to the latest version. Implement authentication on all API endpoints. Configure strict file type allowlisting on upload endpoints. Run Flowise in a sandboxed container with minimal privileges. Monitor the attachments directory for unexpected file types.
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS c
Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9
Unrestricted file upload in Flowise LLM workflow builder before 3.0.13 via /api/v1/attachments endpoint allows unauthent
Missing authentication on NVD data endpoint in Flowise before 3.0.13 allows unauthenticated access to internal vulnerabi
Remote code execution in Flowise before 3.1.2 allows any authenticated user (or API caller with chatflow view/update per
Privilege escalation in Flowise versions prior to 3.0.13 allows authenticated users to bypass API authorization by spoof
Flowise versions up to 3.0.13 is affected by authorization bypass through user-controlled key (CVSS 8.8).
Authenticated remote code execution in FlowiseAI Flowise (v3.0.1 up to but not including 3.0.8, and later versions when
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. Rated high severity (CVSS 8.1), this vulnerabili
Flowise versions up to 3.0.13 is affected by improperly controlled modification of dynamically-determined object attribu
Flowise <= 2.2.3 is vulnerable to SQL Injection. Rated high severity (CVSS 7.6), this vulnerability is remotely exploita
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today