What is CVE-2024-58351?

CVE-2024-58351 is a critical-severity vulnerability in Flowise, classified under Code Injection. CVSS score: 9.8/10. Published 2026-06-20.

How severe is CVE-2024-58351?

Critical severity. CVSS v3 base score is 9.8 out of 10.

RCE in Flowise

CVE-2024-58351

Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction API. Because this feature is enabled by d…

Vulnerability class: RCE (Remote Code Execution)

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Flowise — versions 0, 2.1.4

Weakness classification (CWE)

CWE-94 — Code Injection

References

disclosure@vulncheck.com (vendor-advisory)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2024-58351?: CVE-2024-58351 is a critical-severity vulnerability in Flowise, classified under Code Injection. CVSS score: 9.8/10. Published 2026-06-20.
How severe is CVE-2024-58351?: Critical severity. CVSS v3 base score is 9.8 out of 10.