Skip to main content

Flowise CVE-2026-56275

| EUVDEUVD-2026-38435 MEDIUM
Server-Side Request Forgery (SSRF) (CWE-918)
2026-06-23 VulnCheck GHSA-w4hm-rrxg-pxcf
6.0
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.9 MEDIUM

Network-reachable via HTTP API; AC:H reflects internal topology knowledge required; PR:L for mandatory workflow-editor authentication; C:H for cloud metadata credential exposure risk.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
4.0 AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jun 23, 2026 - 14:17 EUVD
Source Code Evidence Fetched
Jun 23, 2026 - 13:10 vuln.today
Analysis Generated
Jun 23, 2026 - 13:10 vuln.today

DescriptionCVE.org

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud metadata, and enumerate internal services by exploiting the missing secureFetch verification in httpSecurity.ts.

AnalysisAI

Server-side request forgery in Flowise's Execute Flow node allows authenticated low-privilege users to coerce the server into issuing HTTP requests to arbitrary internal network addresses by supplying intranet URLs through the base URL configuration field. All flowise and flowise-components npm versions through 3.0.13 are affected due to the Execute Flow code path never invoking the secureFetch wrapper present in httpSecurity.ts. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to Flowise with low-privilege account
Delivery
Create or modify workflow with Execute Flow node
Exploit
Set base URL to internal address or cloud metadata endpoint
Execution
Execute workflow to trigger unvalidated HTTP request
Persist
Server bypasses secureFetch, proxies response to attacker
Impact
Extract IAM credentials or enumerate internal services

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated session with at least low-privilege access to the Flowise interface - specifically, the ability to create or edit workflows containing an Execute Flow node and modify its base URL field. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 6.0 with PR:L and AC:H captures two key constraints: the attacker must be authenticated with at least low-privilege workflow-editing access, and practical exploitation requires knowledge of internal network addresses or cloud metadata endpoint paths (raising attack complexity). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated Flowise user with workflow-editing rights creates or modifies a workflow to include an Execute Flow node, setting the base URL to http://169.254.169.254/latest/meta-data/iam/security-credentials/ on an AWS-hosted instance. When the workflow runs, the Flowise server issues an unauthenticated HTTP request to the metadata endpoint - bypassing all secureFetch checks - and echoes the IAM role credentials back to the attacker through the workflow response. …
Remediation Vendor-released patch: upgrade both flowise and flowise-components to version 3.1.0 or later, which adds the missing secureFetch call to the Execute Flow node's HTTP request path, aligning it with the existing httpSecurity.ts protections applied to other nodes (per GHSA-9hrv-gvrv-6gf2 at https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-9hrv-gvrv-6gf2). … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-59528 CRITICAL POC
10.0 Sep 22

Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete

CVE-2025-8943 CRITICAL POC
9.8 Aug 14

Flowise versions before 3.0.1 allow unauthenticated access to the Custom MCPs feature, which is designed to execute OS c

CVE-2025-26319 CRITICAL POC
9.8 Mar 04

FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. Una

CVE-2025-58434 CRITICAL POC
9.8 Sep 12

Flowise is a drag & drop user interface to build a customized large language model flow. Rated critical severity (CVSS 9

CVE-2026-30821 CRITICAL POC
9.8 Mar 07

Unrestricted file upload in Flowise LLM workflow builder before 3.0.13 via /api/v1/attachments endpoint allows unauthent

CVE-2026-30824 CRITICAL POC
9.8 Mar 07

Missing authentication on NVD data endpoint in Flowise before 3.0.13 allows unauthenticated access to internal vulnerabi

CVE-2026-56274 HIGH POC
8.7 Jun 23

Remote code execution in Flowise before 3.1.2 allows any authenticated user (or API caller with chatflow view/update per

CVE-2026-30820 HIGH POC
8.8 Mar 07

Privilege escalation in Flowise versions prior to 3.0.13 allows authenticated users to bypass API authorization by spoof

CVE-2026-30823 HIGH POC
8.8 Mar 07

Flowise versions up to 3.0.13 is affected by authorization bypass through user-controlled key (CVSS 8.8).

CVE-2025-34267 HIGH POC
8.4 Oct 14

Authenticated remote code execution in FlowiseAI Flowise (v3.0.1 up to but not including 3.0.8, and later versions when

CVE-2024-8181 HIGH POC
8.1 Aug 27

An Authentication Bypass vulnerability exists in Flowise version 1.8.2. Rated high severity (CVSS 8.1), this vulnerabili

CVE-2026-30822 HIGH POC
7.7 Mar 07

Flowise versions up to 3.0.13 is affected by improperly controlled modification of dynamically-determined object attribu

Share

CVE-2026-56275 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy