Flowiseai
AI Threat Alert tracks 35 known AI/ML vulnerabilities affecting Flowiseai products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Flowiseai CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-41138 | Flowise: RCE via unsanitized input in AirtableAgent | flowise | 8.8 |
| HIGH | CVE-2026-41266 | Flowise: unauthenticated API key exposure via chatbot config | flowise | 7.5 |
| CRITICAL | CVE-2026-41267 | Flowise: mass assignment auth bypass in registration | flowise | 9.8 |
| CRITICAL | CVE-2026-41268 | Flowise: unauthenticated RCE via NODE_OPTIONS env injection | flowise | 9.8 |
| HIGH | CVE-2026-41269 | Flowise: unrestricted file upload enables persistent RCE | flowise | 8.8 |
| HIGH | CVE-2026-41270 | Flowise: SSRF bypass exposes cloud metadata services | flowise | 8.3 |
| HIGH | CVE-2026-41271 | Flowise: SSRF via prompt template injection in API Chain | flowise | 8.3 |
| HIGH | CVE-2026-41272 | Flowise: SSRF bypass via DNS rebinding exposes internal networks | flowise | 7.1 |
| HIGH | CVE-2026-41273 | Flowise: auth bypass exposes OAuth 2.0 tokens | flowise | 8.2 |
| HIGH | CVE-2026-41275 | Flowise: HTTP password reset link allows MITM takeover | flowise | 7.5 |
| CRITICAL | CVE-2026-41276 | Flowise: auth bypass enables full account takeover via reset | flowise | 9.8 |
| HIGH | CVE-2026-41277 | Flowise: mass assignment enables cross-workspace IDOR | flowise | 8.8 |
| HIGH | CVE-2026-41278 | Flowise: credential exposure in public chatflow API | flowise | 7.5 |
| MEDIUM | CVE-2026-12821 | Flowise: path traversal in S3 loader exposes documents | Flowise | 6.3 |
| HIGH | CVE-2025-34267 | Flowise | - |
Page 2 of 2
Frequently asked questions
How many known vulnerabilities affect Flowiseai?
35 AI/ML CVEs affecting Flowiseai products are tracked, sourced from NVD and GitHub Advisory.
What Flowiseai products are affected?
The CVEs below map to the Flowiseai AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Flowiseai vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Flowiseai for new vulnerabilities?
AI Threat Alert tracks Flowiseai continuously; a Pro subscription adds breaking alerts when new CVEs affecting Flowiseai are published.
How do I assess Flowiseai's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Flowiseai issues first and judge the exposure for your stack.