Skip to main content

Flowise CVE-2025-71338

| EUVDEUVD-2025-210343 CRITICAL
External Control of File Name or Path (CWE-73)
2026-06-25 VulnCheck GHSA-c3hj-m5hq-59xw
10.0
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
10.0 CRITICAL
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
10.0 CRITICAL

Network-reachable, low-complexity, unauthenticated file write with no user interaction yields full RCE; scope changed (S:C) as the write escapes the storage sandbox to host files.

3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 25, 2026 - 22:35 vuln.today
Analysis Generated
Jun 25, 2026 - 22:35 vuln.today

DescriptionCVE.org

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like package.json and achieve remote code execution when the application restarts.

AnalysisAI

Arbitrary file write leading to remote code execution in FlowiseAI Flowise (versions <= 2.2.7) lets unauthenticated remote attackers overwrite any file on the host via the /api/v1/document-store/loader/process endpoint. The fileName parameter is passed unsanitized into path.join() inside storageUtils.ts, so ../ sequences escape the storage directory; overwriting package.json injects a malicious start script that executes on the next application restart. Publicly available exploit code exists (vendor GHSA PoC overwriting package.json), and the issue carries a CVSS 4.0 base score of 10.0; no public active-exploitation listing was identified at time of analysis.

Technical ContextAI

Flowise is an open-source low-code/drag-and-drop builder for LLM orchestration and AI agent workflows, distributed as the npm package 'flowise'. The flaw is rooted in CWE-73 (External Control of File Name or Path): the file-storage helpers addBase64FilesToStorage, addArrayFilesToStorage, and addSingleFileToStorage in packages/components/src/storageUtils.ts construct a destination via path.join(dir, fileName) followed by fs.writeFileSync(filePath, bf), where fileName originates from untrusted request input. Because path.join resolves ../ traversal segments, the effective write target can be relocated to any location the Node process can write to. The document-store loader/process API surfaces this primitive without authentication, turning a file-write into RCE by overwriting build/run manifests such as package.json.

RemediationAI

Upstream fix available (PR/commit); released patched version not independently confirmed - apply the upstream remediation commit https://github.com/FlowiseAI/Flowise/commit/c2b830f279e454e8b758da441016b2234f220ac7 referenced in the GHSA advisory, and monitor https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-8vvx-qvq9-5948 for a tagged release above 2.2.7 since no fixed version is published in package metadata. Until a tagged build is confirmed, place Flowise behind authentication and a reverse proxy that blocks or rejects requests to /api/v1/document-store/loader/process from untrusted networks, and restrict network exposure so the instance is not internet-facing (trade-off: breaks legitimate remote document-store ingestion). As a compensating control, run the Node process under a low-privilege user with the application directory and package.json mounted read-only so traversal writes to critical manifests fail (trade-off: may break features that legitimately write to storage and require build-time write access). Validate and reject any fileName containing ../ or absolute paths at the proxy/WAF layer as an interim filter.

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2025-8943 CRITICAL POC
9.8 Aug 14

Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS c

CVE-2025-26319 CRITICAL POC
9.8 Mar 04

FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Una

CVE-2025-58434 CRITICAL POC
9.8 Sep 12

Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9

CVE-2026-30821 CRITICAL POC
9.8 Mar 07

Unrestricted file upload in Flowise LLM workflow builder before 3.0.13 via /api/v1/attachments endpoint allows unauthent

CVE-2026-30824 CRITICAL POC
9.8 Mar 07

Missing authentication on NVD data endpoint in Flowise before 3.0.13 allows unauthenticated access to internal vulnerabi

CVE-2026-56274 HIGH POC
8.7 Jun 23

Remote code execution in Flowise before 3.1.2 allows any authenticated user (or API caller with chatflow view/update per

CVE-2026-30820 HIGH POC
8.8 Mar 07

Privilege escalation in Flowise versions prior to 3.0.13 allows authenticated users to bypass API authorization by spoof

CVE-2026-30823 HIGH POC
8.8 Mar 07

Flowise versions up to 3.0.13 is affected by authorization bypass through user-controlled key (CVSS 8.8).

CVE-2025-34267 HIGH POC
8.4 Oct 14

Authenticated remote code execution in FlowiseAI Flowise (v3.0.1 up to but not including 3.0.8, and later versions when

CVE-2024-8181 HIGH POC
8.1 Aug 27

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. Rated high severity (CVSS 8.1), this vulnerabili

CVE-2026-30822 HIGH POC
7.7 Mar 07

Flowise versions up to 3.0.13 is affected by improperly controlled modification of dynamically-determined object attribu

Share

CVE-2025-71338 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy