AI Threat Alert
Flowiseai
33 AI/ML vulnerabilities tracked for Flowiseai.
33
Total CVEs
2
Pages
Page 2 of 2
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-41138 | Flowise: RCE via unsanitized input in AirtableAgent | flowise | 8.8 |
| HIGH | CVE-2026-41266 | Flowise: unauthenticated API key exposure via chatbot config | flowise | 7.5 |
| CRITICAL | CVE-2026-41267 | Flowise: mass assignment auth bypass in registration | flowise | 9.8 |
| CRITICAL | CVE-2026-41268 | Flowise: unauthenticated RCE via NODE_OPTIONS env injection | flowise | 9.8 |
| HIGH | CVE-2026-41269 | Flowise: unrestricted file upload enables persistent RCE | flowise | 8.8 |
| HIGH | CVE-2026-41270 | Flowise: SSRF bypass exposes cloud metadata services | flowise | 8.3 |
| HIGH | CVE-2026-41271 | Flowise: SSRF via prompt template injection in API Chain | flowise | 8.3 |
| HIGH | CVE-2026-41272 | Flowise: SSRF bypass via DNS rebinding exposes internal networks | flowise | 7.1 |
| HIGH | CVE-2026-41273 | Flowise: auth bypass exposes OAuth 2.0 tokens | flowise | 8.2 |
| HIGH | CVE-2026-41275 | Flowise: HTTP password reset link allows MITM takeover | flowise | 7.5 |
| CRITICAL | CVE-2026-41276 | Flowise: auth bypass enables full account takeover via reset | flowise | 9.8 |
| HIGH | CVE-2026-41277 | Flowise: mass assignment enables cross-workspace IDOR | flowise | 8.8 |
| HIGH | CVE-2026-41278 | Flowise: credential exposure in public chatflow API | flowise | 7.5 |
Page 2 of 2