AI Threat Alert
Flowise
AI Threat Alert tracks 4 known AI/ML vulnerabilities affecting Flowise products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Flowise CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2024-58351 | Flowise: RCE and sandbox escape via overrideConfig | Flowise | 9.8 |
| MEDIUM | CVE-2025-71331 | Flowise: XSS enables session hijacking in AI agent UI | Flowise | 6.1 |
| UNKNOWN | CVE-2026-56267 | Flowise: PII exposure via unauthenticated password reset | Flowise | - |
| UNKNOWN | CVE-2026-56276 | Flowise: mass assignment enables credential hash override | Flowise | - |
Frequently asked questions
How many known vulnerabilities affect Flowise?
4 AI/ML CVEs affecting Flowise products are tracked, sourced from NVD and GitHub Advisory.
What Flowise products are affected?
The CVEs below map to the Flowise AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Flowise vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Flowise for new vulnerabilities?
AI Threat Alert tracks Flowise continuously; a Pro subscription adds breaking alerts when new CVEs affecting Flowise are published.
How do I assess Flowise's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Flowise issues first and judge the exposure for your stack.