Skip to main content

Flowise CVE-2026-12821

| EUVDEUVD-2026-38202 LOW
Path Traversal (CWE-22)
2026-06-21 VulDB GHSA-67qj-p3v2-73g7
2.1
CVSS 4.0 · Vendor: VulDB

Severity by source

Vendor (VulDB) PRIMARY
2.1 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.3 MEDIUM

Network-reachable path traversal requiring low-privilege auth; limited C/I/A impact with no scope change beyond the vulnerable system.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (VulDB).

CVSS VectorVendor: VulDB

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
Jun 22, 2026 - 06:49 vuln.today
Severity Changed
Jun 22, 2026 - 00:22 NVD
MEDIUM LOW
CVSS changed
Jun 22, 2026 - 00:22 NVD
5.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Path traversal in FlowiseAI Flowise's S3 Document Loader component (packages/components/nodes/documentloaders/S3/S3.ts) enables authenticated remote attackers to manipulate S3 object key inputs to access files outside the intended storage scope. Versions 3.1.0 through 3.1.2 are confirmed affected. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Flowise with low-privilege credentials
Delivery
Access workflow editor with S3 Document Loader node
Exploit
Craft object key containing path traversal sequences
Execution
Trigger workflow execution against Flowise S3 integration
Impact
Read files from unintended S3 paths outside authorized scope

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid low-privilege authenticated session on the Flowise instance (PR:L per CVSS 4.0 vector) - unauthenticated exploitation is not supported by available data. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 2.1 reflects constrained real-world impact: the attack vector is network (AV:N) with low complexity (AC:L) and no attack prerequisites (AT:N), but requires low-privilege authentication (PR:L) and produces only limited confidentiality, integrity, and availability impact on the vulnerable system (VC:L/VI:L/VA:L) with no scope change to subsequent systems (SC:N/SI:N/SA:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated Flowise user with access to the workflow editor configures an S3 Document Loader node with a crafted object key containing path traversal sequences (e.g., ../../sensitive-prefix/credentials). When the workflow executes, the unsanitized key is processed by S3.ts, causing the loader to resolve and return content from unintended S3 paths. …
Remediation No vendor-released patch has been identified at time of analysis - the vendor did not respond to responsible disclosure, and no fixed version is confirmed in available data. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2025-8943 CRITICAL POC
9.8 Aug 14

Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS c

CVE-2025-26319 CRITICAL POC
9.8 Mar 04

FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Una

CVE-2025-58434 CRITICAL POC
9.8 Sep 12

Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9

CVE-2026-30821 CRITICAL POC
9.8 Mar 07

Unrestricted file upload in Flowise LLM workflow builder before 3.0.13 via /api/v1/attachments endpoint allows unauthent

CVE-2026-30824 CRITICAL POC
9.8 Mar 07

Missing authentication on NVD data endpoint in Flowise before 3.0.13 allows unauthenticated access to internal vulnerabi

CVE-2026-56274 HIGH POC
8.7 Jun 23

Remote code execution in Flowise before 3.1.2 allows any authenticated user (or API caller with chatflow view/update per

CVE-2026-30820 HIGH POC
8.8 Mar 07

Privilege escalation in Flowise versions prior to 3.0.13 allows authenticated users to bypass API authorization by spoof

CVE-2026-30823 HIGH POC
8.8 Mar 07

Flowise versions up to 3.0.13 is affected by authorization bypass through user-controlled key (CVSS 8.8).

CVE-2025-34267 HIGH POC
8.4 Oct 14

Authenticated remote code execution in FlowiseAI Flowise (v3.0.1 up to but not including 3.0.8, and later versions when

CVE-2024-8181 HIGH POC
8.1 Aug 27

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. Rated high severity (CVSS 8.1), this vulnerabili

CVE-2026-30822 HIGH POC
7.7 Mar 07

Flowise versions up to 3.0.13 is affected by improperly controlled modification of dynamically-determined object attribu

Share

CVE-2026-12821 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy