Flowise Vulnerabilities
npm, AI Agents
Total CVEs: 80
Critical: 16
Ecosystem: npm
Last CVE: May 20, 2026
Patch Rate: 61%
Avg Time to Patch: 1d
Known Vulnerabilities (80 total, page 1 of 4)
| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| MEDIUM | GHSA-m837-xvxr-vqwg | Flowise: hardcoded CORS wildcard enables drive-by credential abuse | -- | May 20, 2026 |
| MEDIUM | GHSA-59fh-9f3p-7m39 | Flowise: mass assignment bypasses password controls | -- | May 20, 2026 |
| MEDIUM | GHSA-c2c9-mfw7-p8hw | Flowise: cross-workspace chatflow config disclosure | -- | May 20, 2026 |
| HIGH | GHSA-hmg2-jjjx-jcp2 | Flowise: missing authz on vector store CRUD endpoints | -- | May 14, 2026 |
| HIGH | GHSA-78pr-c5x5-jggc | Flowise: IDOR via mass assignment breaks tenant isolation | -- | May 14, 2026 |
| HIGH | GHSA-728h-4mwj-f2p4 | Flowise: mass assignment breaks cross-workspace isolation | -- | May 14, 2026 |
| HIGH | GHSA-5h9v-837x-m97r | Flowise: mass assignment enables cross-workspace data takeover | -- | May 14, 2026 |
| HIGH | GHSA-7j65-65cr-6644 | Flowise: mass assignment breaks cross-workspace isolation | -- | May 14, 2026 |
| HIGH | GHSA-mq53-pc65-wjc4 | Flowise: mass assignment breaks workspace isolation | -- | May 14, 2026 |
| HIGH | GHSA-wxrr-jp8m-qq7f | Flowise: mass assignment enables cross-workspace IDOR | -- | May 14, 2026 |
| HIGH | CVE-2026-42861 | Flowise: mass assignment breaks multi-tenant isolation | -- | May 14, 2026 |
| HIGH | CVE-2026-42862 | Flowise: mass assignment breaks tenant isolation | -- | May 14, 2026 |
| HIGH | CVE-2026-42863 | Flowise: Mass Assignment enables cross-workspace takeover | -- | May 14, 2026 |
| HIGH | GHSA-php6-83fg-gw3g | Flowise: brute-force auth grants full agent platform access | 7.5 | May 14, 2026 |
| HIGH | GHSA-m99r-2hxc-cp3q | Flowise MCP: 3-path blocklist bypass enables server RCE | -- | May 14, 2026 |
| HIGH | GHSA-hp26-q66v-q2w7 | Flowise: mass assignment breaks multi-tenant isolation | -- | May 14, 2026 |
| CRITICAL | GHSA-9rvc-vf7m-pgm2 | Flowise: auth RCE via NodeVM sandbox escape | -- | May 14, 2026 |
| HIGH | GHSA-7g73-99r4-m4mj | Flowise: credential data leak via filtered API endpoint | -- | May 14, 2026 |
| LOW | CVE-2026-8026 | Flowise: info disclosure via login API response handler | 3.7 | May 6, 2026 |
| CRITICAL | CVE-2026-43995 | Flowise: SSRF in agent tools bypasses security wrapper | 9.8 | May 11, 2026 |
| CRITICAL | CVE-2026-41274 | Flowise: Cypher injection via GraphCypherQAChain node | 9.8 | Apr 23, 2026 |
| HIGH | CVE-2026-41279 | Flowise: unauth API key abuse via TTS endpoint IDOR | 7.5 | Apr 23, 2026 |
| HIGH | CVE-2026-41278 | Flowise: credential exposure in public chatflow API | 7.5 | Apr 23, 2026 |
| HIGH | CVE-2026-41277 | Flowise: mass assignment enables cross-workspace IDOR | 8.8 | Apr 23, 2026 |
| CRITICAL | CVE-2026-41276 | Flowise: auth bypass enables full account takeover via reset | 9.8 | Apr 23, 2026 |

Showing 1–25 of 80