Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
8DescriptionGitHub Advisory
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enabling data exfiltration, modification, or deletion. This vulnerability is fixed in 3.1.0.
AnalysisAI
Cypher injection in Flowise GraphCypherQAChain node allows remote unauthenticated attackers to execute arbitrary database commands against connected Neo4j instances. Attackers can exfiltrate, modify, or delete data in the graph database by injecting malicious Cypher queries through user-controlled input fields that bypass sanitization (CWE-943: Improper Neutralization of Special Elements in Data Query Logic). …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the target Flowise deployment to have active workflows utilizing the GraphCypherQAChain node component with configured Neo4j database connectivity. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Real-world risk is critically high for organizations using Flowise's GraphCypherQAChain node with Neo4j databases. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker identifies a publicly accessible Flowise instance with GraphCypherQAChain workflows by scanning for exposed ports or discovering the application through search engine reconnaissance. Without authentication, they submit a crafted API request to a workflow endpoint containing malicious Cypher injection payload in user input fields, such as MATCH (n) DETACH DELETE n to delete all graph nodes or MATCH (n) RETURN n to exfiltrate entire database contents. … |
| Remediation | Upgrade to Flowise version 3.1.0 and flowise-components version 3.1.0 immediately, as vendor-released patches address the Cypher injection vulnerability through proper input sanitization in the GraphCypherQAChain node. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Identify all Flowise deployments and connected Neo4j instances; document current versions of flowise and flowise-components packages. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS c
FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Una
Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9
Unrestricted file upload in Flowise LLM workflow builder before 3.0.13 via /api/v1/attachments endpoint allows unauthent
Missing authentication on NVD data endpoint in Flowise before 3.0.13 allows unauthenticated access to internal vulnerabi
Remote code execution in Flowise before 3.1.2 allows any authenticated user (or API caller with chatflow view/update per
Privilege escalation in Flowise versions prior to 3.0.13 allows authenticated users to bypass API authorization by spoof
Flowise versions up to 3.0.13 is affected by authorization bypass through user-controlled key (CVSS 8.8).
Flowise versions up to 3.0.13 is affected by improperly controlled modification of dynamically-determined object attribu
Flowise <= 2.2.3 is vulnerable to SQL Injection. Rated high severity (CVSS 7.6), this vulnerability is remotely exploita
Flowise is a drag & drop user interface to build a customized large language model flow. Rated high severity (CVSS 7.5),
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25313
GHSA-28g4-38q8-3cwc