Skip to main content

Flowise CVE-2026-56273

| EUVDEUVD-2026-42251 MEDIUM
Path Traversal (CWE-22)
2026-07-08 disclosure@vulncheck.com GHSA-g8g5-48h4-5r8h
4.9
CVSS 4.0 · Vendor: vulncheck
Share

Severity by source

Vendor (vulncheck) PRIMARY
4.9 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.7 HIGH

Valid API token required (PR:L); arbitrary filesystem write crosses component boundary (S:C) with high host integrity impact; no confidentiality or availability impact described.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
4.0 AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N

Primary rating from Vendor (vulncheck).

CVSS VectorVendor: vulncheck

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 08, 2026 - 15:01 EUVD
Analysis Generated
Jul 08, 2026 - 15:00 vuln.today

DescriptionCVE.org

Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially enabling code execution or data exfiltration.

AnalysisAI

Path traversal in Flowise's Faiss and SimpleStore vector store implementations allows any holder of a valid API token to write vector store data to arbitrary filesystem locations, creating a practical path to remote code execution or data exfiltration on the hosting server. All Flowise deployments prior to version 3.1.0 are affected when either of these two vector store backends is configured. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain valid Flowise API token
Delivery
Craft API request embedding traversal sequence in basePath parameter
Exploit
Submit request to Faiss or SimpleStore vector store endpoint
Execution
Flowise writes data to attacker-specified arbitrary path
Persist
Payload lands in sensitive filesystem location
Impact
Trigger execution of written payload for code execution

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid Flowise API token - the CVSS 4.0 PR:L metric confirms that low-privilege authentication is a hard prerequisite, making unauthenticated exploitation impossible. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 4.9 reflects moderate severity, but the real-world risk profile is materially higher in certain deployment contexts. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a valid Flowise API token submits a crafted request to the Faiss or SimpleStore vector store API endpoint, supplying a basePath value containing directory traversal sequences such as '../../var/spool/cron/' or a path within a web-accessible directory. Flowise writes attacker-controlled vector store index data to the specified arbitrary path without restriction. …
Remediation The primary fix is upgrading Flowise to version 3.1.0 or later, which remediates path traversal by sanitizing the basePath parameter within both the Faiss and SimpleStore vector store implementations. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-56273 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy