ZDI-CAN-29412
CRITICAL 9.8
Upcoming
Feb 26, 2026
Flowise
Flowise is an open-source platform for building AI applications and workflows. This critical vulnerability (CVSS 9.8) can be exploited remotely by an unauthenticated attacker with no user interaction required, resulting in complete compromise of confidentiality, integrity, and availability. Security teams should immediately monitor for exploitation attempts against Flowise deployments and prepare patches for deployment by the June 2026 vendor deadline.
Advisory Details
Researcher
Dre Cura (@dre_cura) and Nicholas Zubrisky (@NZubrisky) of TrendAI Research
Reported
February 26, 2026
Deadline
June 26, 2026
71d
CVSS Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H