Skip to main content

Flowise Components

4 CVEs product

Monthly

CVE-2026-41274 npm CRITICAL PATCH GHSA Act Now

Cypher injection in Flowise GraphCypherQAChain node allows remote unauthenticated attackers to execute arbitrary database commands against connected Neo4j instances. Attackers can exfiltrate, modify, or delete data in the graph database by injecting malicious Cypher queries through user-controlled input fields that bypass sanitization (CWE-943: Improper Neutralization of Special Elements in Data Query Logic). The vulnerability affects both Flowise core and flowise-components packages prior to version 3.1.0. CVSS 9.3 critical severity reflects network-accessible attack vector requiring no authentication or user interaction. EPSS data unavailable; no CISA KEV listing indicates exploitation not yet confirmed in the wild, though GitHub security advisory confirms vendor awareness and patch availability.

Code Injection Nosql Injection Flowise Flowise Components
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-41271 npm HIGH PATCH GHSA This Week

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems. By injecting malicious prompt templates, attackers can bypass the intended API documentation constraints and redirect requests to sensitive internal services, potentially leading to internal network reconnaissance and data exfiltration. This vulnerability is fixed in 3.1.0.

SSRF Flowise Flowise Components
NVD GitHub VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-41272 npm HIGH PATCH GHSA This Week

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding (Time-of-Check Time-of-Use) or by exploiting the default configuration which fails to enforce any deny list. This vulnerability is fixed in 3.1.0.

SSRF Flowise Flowise Components
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-41137 npm CRITICAL PATCH GHSA Act Now

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide a command injection payload that will get interpolated and executed by the server. This vulnerability is fixed in 3.1.0.

RCE Command Injection Code Injection Flowise Flowise Components
NVD GitHub VulDB
CVSS 4.0
9.4
EPSS
0.6%
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Cypher injection in Flowise GraphCypherQAChain node allows remote unauthenticated attackers to execute arbitrary database commands against connected Neo4j instances. Attackers can exfiltrate, modify, or delete data in the graph database by injecting malicious Cypher queries through user-controlled input fields that bypass sanitization (CWE-943: Improper Neutralization of Special Elements in Data Query Logic). The vulnerability affects both Flowise core and flowise-components packages prior to version 3.1.0. CVSS 9.3 critical severity reflects network-accessible attack vector requiring no authentication or user interaction. EPSS data unavailable; no CISA KEV listing indicates exploitation not yet confirmed in the wild, though GitHub security advisory confirms vendor awareness and patch availability.

Code Injection Nosql Injection Flowise +1
NVD GitHub VulDB
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems. By injecting malicious prompt templates, attackers can bypass the intended API documentation constraints and redirect requests to sensitive internal services, potentially leading to internal network reconnaissance and data exfiltration. This vulnerability is fixed in 3.1.0.

SSRF Flowise Flowise Components
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding (Time-of-Check Time-of-Use) or by exploiting the default configuration which fails to enforce any deny list. This vulnerability is fixed in 3.1.0.

SSRF Flowise Flowise Components
NVD GitHub VulDB
EPSS 1% CVSS 9.4
CRITICAL PATCH Act Now

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an attacker can provide a command injection payload that will get interpolated and executed by the server. This vulnerability is fixed in 3.1.0.

RCE Command Injection Code Injection +2
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy