SB2026040911 - Multiple vulnerabilities in Flowise

Published: April 9, 2026

Security Bulletin ID: SB2026040911
Severity: High
Patch available: Yes
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 60%, Medium 20%, Low 20%

Description

This security bulletin contains information about 5 security vulnerabilities.


1) Improper access control (CVE-ID: CVE-2025-58434)

The vulnerability allows a remote attacker to take over arbitrary accounts.

The vulnerability exists due to improper access control in the /api/v1/account/forgot-password endpoint when handling password reset requests. A remote attacker can obtain a valid password reset token for an arbitrary user and use it to take over arbitrary accounts.

The issue affects both Flowise Cloud and self-hosted deployments that expose the same API, and exploitation requires only knowledge of the victim's email address.


2) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2025-59527)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to server-side request forgery (SSRF) in the /api/v1/fetch-links endpoint when processing a user-supplied URL with the webCrawl or xmlScrape method. A remote attacker can send a specially crafted request to disclose sensitive information.

The issue can be used to access internal network web services and enumerate internal administrative endpoints.


3) Code Injection (CVE-ID: CVE-2025-59528)

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper control of code generation in the CustomMCP node when processing a user-supplied mcpServerConfig value through the /api/v1/node-load-method/customMCP endpoint. A remote attacker can send a specially crafted request to execute arbitrary code.

The input is evaluated through the Function() constructor in the Node.js runtime context, which can expose modules such as child_process and fs.


4) Path traversal (CVE-ID: N/A)

The vulnerability allows a remote attacker to read arbitrary files and cause a denial of service.

The vulnerability exists due to path traversal in the chatId parameter handling of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints when processing file download requests. A remote attacker can supply a crafted chatId value to read arbitrary files and cause a denial of service.

In the default configuration, exploitation can expose the local sqlite database and its contents. Knowledge of a valid chatflowId is required, and the advisory states that the /api/v1/vector/upsert/ endpoint may disclose one through a verbose error response.


5) Code Injection (CVE-ID: CVE-2025-57164)

The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper control of code generation in the Supabase RPC Filter component when processing a user-supplied filter expression. A remote privileged user can inject malicious JavaScript into the filter expression field to execute arbitrary code.

Exploitation requires the Supabase vector store to be enabled, and the injected code executes within the backend runtime context when the node is triggered.
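Items 3 and 5 share one root cause: a string supplied by the caller is handed to the JavaScript engine instead of being parsed as data. The example below, added for this bulletin and not Flowise code, shows the evaluating pattern beside a hardened replacement for each case. The configuration keys, the filter operators and all function names are assumptions, not the project's schema.

```javascript
// Added example (not Flowise code). Shows why evaluating a user-supplied
// string is unsafe and how to accept the same information as data instead.

// Vulnerable pattern (for contrast only): any expression in the string runs
// with the full privileges of the server process.
function parseServerConfigUnsafe(raw) {
  return new Function('return (' + raw + ')')();
}

// Hardened: strict JSON, a closed set of keys, and a type check per key.
// Object.keys also surfaces an own "__proto__" key created by JSON.parse,
// so prototype-pollution attempts fail the allowlist check.
const ALLOWED_KEYS = new Set(['command', 'args', 'env', 'url']); // assumed schema

function parseServerConfig(raw) {
  let cfg;
  try { cfg = JSON.parse(raw); } catch { throw new Error('config must be strict JSON'); }
  if (cfg === null || typeof cfg !== 'object' || Array.isArray(cfg)) {
    throw new Error('config must be a JSON object');
  }
  for (const key of Object.keys(cfg)) {
    if (!ALLOWED_KEYS.has(key)) throw new Error('unexpected key: ' + key);
  }
  const isStr = (v) => typeof v === 'string';
  if ('command' in cfg && !isStr(cfg.command)) throw new Error('command must be a string');
  if ('url' in cfg && !isStr(cfg.url)) throw new Error('url must be a string');
  if ('args' in cfg && !(Array.isArray(cfg.args) && cfg.args.every(isStr))) {
    throw new Error('args must be an array of strings');
  }
  if ('env' in cfg && !(cfg.env && typeof cfg.env === 'object' && !Array.isArray(cfg.env) &&
      Object.values(cfg.env).every(isStr))) {
    throw new Error('env must map names to strings');
  }
  return cfg;
}

// Same principle for a filter expression: accept a structured
// { column, op, value } and build the query from an operator allowlist,
// rather than evaluating a free-form expression string.
const FILTER_OPS = new Set(['eq', 'neq', 'gt', 'gte', 'lt', 'lte', 'like']); // assumed
const COLUMN_RE = /^[a-z_][a-z0-9_]{0,62}$/;

function validateFilter(filter) {
  if (!filter || typeof filter !== 'object') throw new Error('filter must be an object');
  const { column, op, value } = filter;
  if (typeof column !== 'string' || !COLUMN_RE.test(column)) throw new Error('bad column');
  if (!FILTER_OPS.has(op)) throw new Error('bad operator');
  if (typeof value !== 'string' && typeof value !== 'number') throw new Error('bad value');
  return [column, op, value];
}

module.exports = { parseServerConfigUnsafe, parseServerConfig, validateFilter };
```

The returned tuple from validateFilter is meant to be passed to a query builder method that takes column, operator and value as separate arguments, so the value never reaches an interpreter as code.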


Remediation

Install the update from the vendor's website.