Vulnerability in Flowise
CVE-2025-71333
Flowise through 2.2.4 contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint when storageType is set to local. Attackers can exploit path traversal in the chatId and chatflowId parameters to upl…
Affected products
- Flowise — versions 0
Weakness classification (CWE)
References
- disclosure@vulncheck.com (vendor-advisory)
- disclosure@vulncheck.com (third-party-advisory)