AI Threat Alert

Flowiseai

33 AI/ML vulnerabilities tracked for Flowiseai.

33

Total CVEs

2

Pages

Page 1 of 2

Current

Severity	CVE	Headline	Package	CVSS
HIGH	CVE-2026-30820	Flowise: header spoof auth bypass exposes admin API & creds	flowise	8.8
CRITICAL	CVE-2026-30821	flowise: Arbitrary File Upload enables RCE	flowise	9.8
UNKNOWN	CVE-2026-30822	Flowise: mass assignment allows unauthenticated DB injection	flowise	-
UNKNOWN	CVE-2026-30823	Flowise: IDOR enables account takeover and SSO bypass	flowise	-
CRITICAL	CVE-2026-30824	Flowise: auth bypass exposes NVIDIA NIM container endpoints	flowise	9.8
HIGH	CVE-2026-31829	Flowise: SSRF via HTTP Node exposes internal network	flowise-components	8.8
HIGH	CVE-2024-36420	Flowise: unauthenticated arbitrary file read via API	flowise	7.5
HIGH	CVE-2024-36421	Flowise: CORS wildcard enables file read and data theft	flowise	7.5
MEDIUM	CVE-2024-36422	Flowise: reflected XSS enables session hijack and file read	flowise	6.1
MEDIUM	CVE-2024-36423	Flowise: reflected XSS in chatflow API enables session hijack	flowise	6.1
MEDIUM	CVE-2024-37145	Flowise: reflected XSS enables file read chain via chatflow	flowise	6.1
MEDIUM	CVE-2024-37146	Flowise: reflected XSS enables credential theft	flowise	6.1
CRITICAL	CVE-2025-58434	Flowise: auth bypass in reset flow allows full ATO	flowise	9.8
HIGH	CVE-2025-59527	Flowise: unauthenticated SSRF exposes internal network	flowise	7.5
CRITICAL	CVE-2025-59528	Flowise: Unauthenticated RCE via MCP config injection	flowise	10.0
HIGH	CVE-2025-61687	Flowise: unrestricted file upload enables persistent RCE	flowise	8.8
CRITICAL	CVE-2025-61913	Flowise: path traversal in file tools leads to RCE	flowise	9.9
HIGH	CVE-2026-41279	Flowise: unauth API key abuse via TTS endpoint IDOR	flowise	7.5
CRITICAL	CVE-2026-41265	Flowise: RCE via prompt injection in Airtable Agent	flowise	9.8
HIGH	CVE-2026-41137	Flowise: RCE via CSVAgent unsanitized code injection	flowise	8.8

Page 1 of 2