Product
flowiseai flowise
50 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-8028
<= 3.0.12
A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/e
3.7
LOW
CVE-2026-8027
<= 3.0.12
A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of th
4.3
MEDIUM
CVE-2026-8026
<= 3.0.12
A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/
3.7
LOW
CVE-2026-41274
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain no
9.8
CRITICAL
CVE-2026-41279
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech genera
7.5
HIGH
CVE-2026-41278
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-ch
7.5
HIGH
CVE-2026-41277
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnera
8.8
HIGH
CVE-2026-41276
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows
9.8
CRITICAL
CVE-2026-41275
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functi
7.5
HIGH
CVE-2026-41273
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authe
8.2
HIGH
CVE-2026-41272
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrapper
7.1
HIGH
CVE-2026-41271
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request For
8.3
HIGH
CVE-2026-41270
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request For
7.1
HIGH
CVE-2026-41269
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuratio
7.1
HIGH
CVE-2026-41268
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to
9.8
CRITICAL
CVE-2026-41267
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignme
8.1
HIGH
CVE-2026-41266
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotCon
7.5
HIGH
CVE-2026-41265
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists
9.8
CRITICAL
CVE-2026-41264
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists
9.8
CRITICAL
CVE-2026-41138
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code ex
8.8
HIGH
CVE-2026-41137
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the CSVAgent allows provi
8.8
HIGH
CVE-2026-40933
< 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serializati
9.9
CRITICAL
CVE-2026-31829
< 3.0.13
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP
7.1
HIGH
CVE-2026-30824
< 3.0.13
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NVIDIA NIM r
9.8
CRITICAL
CVE-2026-30823
< 3.0.13
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR
8.8
HIGH
CVE-2026-30822
< 3.0.13
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauthenticated
7.7
HIGH
CVE-2026-30821
< 3.0.13
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /api/v1/atta
9.8
CRITICAL
CVE-2026-30820
< 3.0.13
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowise trusts a
8.8
HIGH
CVE-2025-57164
all versions
Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter
6.5
MEDIUM
CVE-2025-34267
>= 3.0.1 and < 3.0.8
Flowise v3.0.1 < 3.0.8 and all versions after with 'ALLOW_BUILTIN_DEP' enabled contain an authenticated remote code execution vuln
9.9
CRITICAL
CVE-2025-61913
< 3.0.8
Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool
9.9
CRITICAL
CVE-2025-61687
all versions
Flowise is a drag & drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.
8.3
HIGH
CVE-2025-50538
< 3.0.5
Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log.
8.2
HIGH
CVE-2025-29192
< 3.0.5
Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log.
8.2
HIGH
CVE-2025-59528
all versions
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable t
10.0
CRITICAL
CVE-2025-59527
all versions
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request F
7.5
HIGH
CVE-2025-58434
< 3.0.6
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the `forgot
9.8
CRITICAL
CVE-2025-8943
< 3.0.1
The Custom MCPs feature is designed to execute OS commands, for instance, using tools like `npx` to spin up local MCP Servers. How
9.8
CRITICAL
CVE-2025-29189
<= 2.2.3
Flowise <= 2.2.3 is vulnerable to SQL Injection via tableName parameter at Postgres_VectorStores.
7.6
HIGH
CVE-2025-26319
all versions
FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.
9.8
CRITICAL
CVE-2024-9148
< 2.1.1
Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.
9.6
CRITICAL
CVE-2024-8182
all versions
An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instan
7.5
HIGH
CVE-2024-8181
all versions
An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to acc
9.8
CRITICAL
CVE-2024-37146
<= 1.4.3
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected
6.1
MEDIUM
CVE-2024-37145
<= 1.4.3
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected
6.1
MEDIUM
CVE-2024-36423
<= 1.4.3
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected
6.1
MEDIUM
CVE-2024-36422
all versions
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected
6.1
MEDIUM
CVE-2024-36421
all versions
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a CORS misco
7.5
HIGH
CVE-2024-36420
all versions
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the `/api/v1
7.5
HIGH
CVE-2024-31621
<= 1.6.5
An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to th
7.6
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin