Flowiseai Flowise
46 CVEs affecting Flowiseai Flowise. Latest disclosed: 2026-05-11. Critical: 8, High: 17.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-40933 | Critical | 10.0 | 2026-04-21 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the M… |
| CVE-2025-61913 | Critical | 10.0 | 2025-10-08 | Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise… |
| CVE-2025-59528 | Critical | 10.0 | 2025-09-22 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The… |
| CVE-2026-43995 | Critical | 9.8 | 2026-05-11 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invo… |
| CVE-2026-41274 | Critical | 9.8 | 2026-04-23 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided inp… |
| CVE-2025-58434 | Critical | 9.8 | 2025-09-12 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the `forgot-password` endpoint in Flowis… |
| CVE-2024-8181 | Critical | 9.8 | 2024-08-27 | An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an admin… |
| CVE-2025-59434 | Critical | 9.6 | 2025-09-22 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to August 2025 Cloud-Hosted Flowise, an authenticated vulnerabil… |
| CVE-2026-30823 | High | 8.8 | 2026-03-07 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there is an IDOR vulnerability, leading to ac… |
| CVE-2026-41138 | High | 8.3 | 2026-04-23 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in Airt… |
| CVE-2025-61687 | High | 8.3 | 2025-10-06 | Flowise is a drag & drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authe… |
| CVE-2025-50538 | High | 8.2 | 2025-10-06 | Flowise before 3.0.5 allows XSS via an IFRAME element when an admin views the chat log. |
| CVE-2025-29192 | High | 8.2 | 2025-10-06 | Flowise before 3.0.5 allows XSS via a FORM element and an INPUT element when an admin views the chat log. |
| CVE-2026-41267 | High | 8.1 | 2026-04-23 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment (JSON injection) vulnerabi… |
| CVE-2026-41268 | High | 7.7 | 2026-04-23 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated re… |
| CVE-2026-30822 | High | 7.7 | 2026-03-07 | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauthenticated users can inject arbitrary va… |
| CVE-2025-59527 | High | 7.5 | 2025-09-22 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery (SSRF) vulnerability w… |
| CVE-2024-8182 | High | 7.5 | 2024-08-27 | An Unauthenticated Denial of Service (DoS) vulnerability exists in Flowise version 1.8.2 leading to a complete crash of the instance running a vulnerable versi… |
| CVE-2024-36421 | High | 7.5 | 2024-07-01 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a CORS misconfiguration sets the Access-C… |
| CVE-2024-36420 | High | 7.5 | 2024-07-01 | Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the `/api/v1/openai-assistants-file` endp… |