SB20260415153 - Multiple vulnerabilities in Flowise



Published: April 15, 2026

Security Bulletin ID: SB20260415153
Severity: Medium
Patch available: Yes
Number of vulnerabilities: 8
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 63% (5 of 8)
Low: 38% (3 of 8)

Description

This security bulletin contains information about 8 security vulnerabilities.


1) Server-Side Request Forgery (SSRF) (CVE-ID: N/A)

The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to improper restriction of server-side request targets in the Execute Flow base URL handling when processing a prediction request. A remote user can supply a crafted intranet address in the base URL field and have the server request it on their behalf, disclosing sensitive information.

Exploitation causes the server to initiate HTTP requests to internal network addresses, including cloud metadata services, and can be used to enumerate internal network services.


2) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote user to access internal network resources and disclose sensitive information.

The vulnerability exists due to improper access control in tool components that call node-fetch or axios directly for outbound HTTP requests, with no restriction on the destination. A remote user can send a crafted prompt that causes a vulnerable tool to issue requests to internal or metadata endpoints, gaining access to internal network resources and disclosing sensitive information.

Only deployments with the affected tools enabled are vulnerable.
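
Issues 1 and 2 share one root cause: a URL chosen by the user (directly in the base URL field, or indirectly through a prompt) reaches a server-side HTTP client unchecked. The following is an added example, not Flowise code, of the destination check both code paths need. The function name checkOutboundTarget, the blocked-range list and the sample addresses are assumptions made for illustration; the check is written for Node and relies only on the built-in URL parser and node:net.

```typescript
import * as net from "node:net";

export interface TargetVerdict {
  ok: boolean;
  reason: string;
}

// Ranges a server-side fetch must never reach on a user's behalf. 169.254.0.0/16
// includes the link-local address cloud instance metadata services listen on.
const BLOCKED_V4 = [
  "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
  "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
];

function ipv4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, octet) => (acc << 8) + Number(octet), 0) >>> 0;
}

function inCidr4(ip: string, cidr: string): boolean {
  const parts = cidr.split("/");
  const bits = Number(parts[1] ?? "32");
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(parts[0] ?? "") & mask) >>> 0);
}

// Expand an IPv6 literal written as hex groups with an optional "::" into eight
// 16-bit groups. The WHATWG URL parser always serialises hosts in that form
// (for example http://[::ffff:127.0.0.1]/ becomes [::ffff:7f00:1]).
function expandIpv6(ip: string): number[] | null {
  if (ip.includes(".")) return null;
  const halves = ip.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(":") : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(":") : [];
  const fill = halves.length === 2 ? 8 - head.length - tail.length : 0;
  if (fill < 0 || head.length + tail.length + fill !== 8) return null;
  const groups = [...head, ...Array<string>(fill).fill("0"), ...tail].map((g) => parseInt(g, 16));
  return groups.some((g) => Number.isNaN(g) || g > 0xffff) ? null : groups;
}

// Returns null when the address may be contacted, otherwise the reason it may not.
function denyReason(ip: string): string | null {
  if (net.isIPv4(ip)) {
    const hit = BLOCKED_V4.find((cidr) => inCidr4(ip, cidr));
    return hit ? `${ip} is in blocked range ${hit}` : null;
  }
  if (net.isIPv6(ip)) {
    const g = expandIpv6(ip);
    if (!g) return `cannot parse IPv6 address ${ip}`;
    const g0 = g[0] ?? 0, g5 = g[5] ?? 0, g6 = g[6] ?? 0, g7 = g[7] ?? 0;
    if (g.slice(0, 7).every((x) => x === 0) && g7 <= 1) return `${ip} is loopback or unspecified`;
    if (g.slice(0, 5).every((x) => x === 0) && g5 === 0xffff) {
      // IPv4-mapped address: judge the embedded IPv4 address instead.
      const mapped = `${g6 >> 8}.${g6 & 0xff}.${g7 >> 8}.${g7 & 0xff}`;
      const why = denyReason(mapped);
      return why ? `${ip} maps to ${mapped}: ${why}` : null;
    }
    if ((g0 & 0xffc0) === 0xfe80) return `${ip} is link-local`;
    if ((g0 & 0xfe00) === 0xfc00) return `${ip} is unique-local`;
    return null;
  }
  return `${ip} is not an IP literal`;
}

// `resolved` is the list of addresses the caller looked up for the hostname (in
// Node, dns.lookup with { all: true }). For an IP-literal host it is ignored.
export function checkOutboundTarget(rawUrl: string, resolved: string[] = []): TargetVerdict {
  let url: URL;
  try {
    url = new URL(rawUrl);
  } catch {
    return { ok: false, reason: "URL does not parse" };
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: `scheme ${url.protocol} is not allowed` };
  }
  const host = url.hostname.replace(/^\[|\]$/g, ""); // IPv6 literals arrive bracketed
  if (host === "localhost" || host.endsWith(".localhost")) {
    return { ok: false, reason: `${host} is a loopback name` };
  }
  const candidates = net.isIP(host) !== 0 ? [host] : resolved;
  if (candidates.length === 0) return { ok: false, reason: `no addresses known for ${host}` };
  for (const ip of candidates) {
    const why = denyReason(ip);
    if (why) return { ok: false, reason: why };
  }
  return { ok: true, reason: `every address for ${host} is public` };
}
```

Two points the example is built around. First, the check runs on the parsed URL, not the raw string, so encodings the URL parser normalises (http://0x7f000001/ becomes 127.0.0.1, http://[::ffff:127.0.0.1]/ becomes an IPv4-mapped literal) are judged by their real target. Second, for a DNS name the caller resolves first and passes the addresses in; the socket must then connect to exactly those addresses (Node's http.request accepts a lookup option for this), otherwise a rebinding DNS server can answer with a public address for the check and a metadata address for the connection.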


3) Path traversal (CVE-ID: N/A)

The vulnerability allows a remote user to write files to arbitrary locations on the server filesystem.

The vulnerability exists due to path traversal in the Faiss and SimpleStore vector store implementations, which use a user-controlled basePath parameter during vector store insertion without confining it to the store directory. A remote user can send a specially crafted request with a malicious basePath value (for example, one containing '..' segments) to write files to arbitrary locations on the server filesystem.

Exploitation requires a valid API token with the documentStores:upsert-config permission, an existing Document Store with at least one processed chunk, and valid embedding provider credentials.
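
An added example, not Flowise code, of the containment check a user-controlled basePath needs before any file is written. resolveWithinRoot, isWithinRoot and the store root /var/lib/flowise/stores used in the usage note are assumptions; the code uses only node:path and a POSIX host.

```typescript
import * as path from "node:path";

// Resolve a user-supplied basePath against the store root and reject anything
// that would land outside it, whether via "..", an absolute path or a NUL byte.
export function resolveWithinRoot(root: string, userBasePath: string): string {
  const rootAbs = path.resolve(root);
  if (userBasePath.includes("\0")) throw new Error("basePath contains a NUL byte");
  if (path.isAbsolute(userBasePath)) throw new Error("basePath must be relative to the store root");
  const target = path.resolve(rootAbs, userBasePath); // normalises "." and ".." segments
  const rel = path.relative(rootAbs, target);
  // After normalisation the only way to be outside the root is for the relative
  // path to start with a ".." segment (or to be absolute on a different volume).
  if (rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel)) {
    throw new Error(`basePath escapes the store root: ${userBasePath}`);
  }
  return target;
}

export function isWithinRoot(root: string, userBasePath: string): boolean {
  try {
    resolveWithinRoot(root, userBasePath);
    return true;
  } catch {
    return false;
  }
}
```

With the root /var/lib/flowise/stores, "store-1/faiss" resolves to /var/lib/flowise/stores/store-1/faiss, while "../../../etc/cron.d", "/etc/cron.d" and "a/../../b" are all rejected. The check is lexical: if the store root can contain symlinks created by users, also compare fs.realpath of the target's existing parent against the root before writing.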


4) OS Command Injection (CVE-ID: N/A)

The vulnerability allows a remote user to execute arbitrary commands.

The vulnerability exists due to improper neutralization of special elements used in an OS command in the MCP adapter's Custom MCP stdio configuration when processing user-supplied stdio command arguments. A remote user can add a Custom MCP stdio server configuration naming an arbitrary command, which the server then runs, to execute arbitrary commands.

The issue is reachable through the Custom MCP configuration in the canvas interface.
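
A stdio MCP server is, by definition, a process the server launches, so the configuration that names it is a code-execution interface and has to be gated rather than merely escaped. The following is an added example, not Flowise code, of an allowlist that decides which binaries may be launched and what their arguments may look like. The config shape { command, args }, the allowlist contents and the function names are assumptions.

```typescript
import { spawn, ChildProcess } from "node:child_process";

export interface StdioServerConfig {
  command: string;
  args?: string[];
}

// Binaries an operator has chosen to permit, keyed by the short name a canvas
// user may select. A Map rather than a plain object, so "constructor" or
// "__proto__" cannot match something inherited from Object.prototype.
const ALLOWED_COMMANDS = new Map<string, string>([
  ["npx", "/usr/bin/npx"],
  ["uvx", "/usr/local/bin/uvx"],
]);

// One argument: no whitespace, quotes or shell metacharacters. Arguments reach
// spawn() as an argv array anyway, so this is defence in depth, not the only line.
const SAFE_ARG = /^[A-Za-z0-9_@%+=:,.\/-]+$/;
const MAX_ARGS = 16;

export function validateStdioConfig(cfg: StdioServerConfig): { file: string; args: string[] } {
  const file = ALLOWED_COMMANDS.get(cfg.command);
  if (file === undefined) throw new Error(`command is not allowlisted: ${cfg.command}`);
  const args = cfg.args ?? [];
  if (args.length > MAX_ARGS) throw new Error(`too many arguments (${args.length})`);
  for (const a of args) {
    if (!SAFE_ARG.test(a)) throw new Error(`argument rejected: ${JSON.stringify(a)}`);
  }
  return { file, args };
}

export function isAcceptableStdioConfig(cfg: StdioServerConfig): boolean {
  try {
    validateStdioConfig(cfg);
    return true;
  } catch {
    return false;
  }
}

export function launchStdioServer(cfg: StdioServerConfig): ChildProcess {
  const { file, args } = validateStdioConfig(cfg);
  // shell: false keeps argv intact; a minimal env keeps the parent's API keys
  // and secrets out of the child process.
  return spawn(file, args, { shell: false, env: { PATH: "/usr/local/bin:/usr/bin" }, stdio: "pipe" });
}
```

Even with the allowlist, "npx -y some-package" still executes whatever that package ships, so who may add a Custom MCP server remains an authorization decision for administrators, not a property of the canvas user.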


5) Use of hard-coded credentials (CVE-ID: N/A)

The vulnerability allows a local privileged user to disclose sensitive information and manipulate token metadata.

The vulnerability exists due to use of hard-coded credentials in tempTokenUtils.ts: when the TOKEN_HASH_SECRET environment variable is not set, the token encryption key is derived from a built-in default secret. A local privileged user who knows that default can decrypt and modify encrypted token metadata to disclose sensitive information and manipulate token metadata.

User interaction is required, and the issue is exposed only when TOKEN_HASH_SECRET is not configured.


6) Use of hard-coded credentials (CVE-ID: N/A)

The vulnerability allows a local privileged user to disclose sensitive information and modify application state by forging session cookies.

The vulnerability exists due to use of hard-coded credentials in the express-session configuration: when the EXPRESS_SESSION_SECRET environment variable is not set, the session secret falls back to the built-in value 'flowise'. A local privileged user who knows that value can create forged session cookies to disclose sensitive information and modify application state by impersonating arbitrary users.

The issue is exposed only when the application runs with the default secret value 'flowise', and user interaction is required.


7) Use of hard-coded cryptographic key (CVE-ID: N/A)

The vulnerability allows a local privileged user to bypass authentication and impersonate any user.

The vulnerability exists due to use of hard-coded cryptographic keys in the JWT secret handling in packages/server/src/enterprise/middleware/passport/index.ts when processing JWT-based authentication. A local privileged user who knows the default values can forge valid JWTs to bypass authentication and impersonate any user.

User interaction is required, and exploitation is possible only when the JWT environment variables are unset and the weak default values are in use.
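
Issues 5, 6 and 7 have the same shape: a secret read from the environment with a hard-coded fallback, so every deployment that forgets the variable shares one well-known key. The following is an added example, not Flowise code, of loading such a secret fail-closed and generating a suitable value. loadSecret, generateSecret, isAcceptableSecret and the KNOWN_DEFAULTS entries other than 'flowise' (the default the bulletin names) are assumptions.

```typescript
import { randomBytes } from "node:crypto";

const MIN_SECRET_BYTES = 32;
// 'flowise' is the default named in the bulletin; the other entries are common
// placeholder values added here as assumptions.
const KNOWN_DEFAULTS = new Set(["flowise", "secret", "changeme", "password"]);

// A fallback of the shape (illustrative, not quoted from Flowise)
//   const secret = process.env.EXPRESS_SESSION_SECRET || "flowise";
// keeps every misconfigured deployment on one shared key. loadSecret throws
// instead, so a server without a real secret refuses to start.
export function loadSecret(name: string, env: Record<string, string | undefined> = process.env): string {
  const value = env[name];
  if (value === undefined || value === "") {
    throw new Error(`${name} is not set; refusing to fall back to a built-in default`);
  }
  if (KNOWN_DEFAULTS.has(value.toLowerCase())) {
    throw new Error(`${name} is set to a well-known default value`);
  }
  if (Buffer.byteLength(value, "utf8") < MIN_SECRET_BYTES) {
    throw new Error(`${name} is shorter than ${MIN_SECRET_BYTES} bytes`);
  }
  // Crude variety check: a long run of one repeated character is not a secret.
  if (new Set(value.split("")).size < 8) {
    throw new Error(`${name} has too little variety to be a random secret`);
  }
  return value;
}

// A value suitable for TOKEN_HASH_SECRET, EXPRESS_SESSION_SECRET or a JWT
// secret: 32 random bytes from the OS CSPRNG, hex-encoded (64 characters).
export function generateSecret(): string {
  return randomBytes(MIN_SECRET_BYTES).toString("hex");
}

export function isAcceptableSecret(value: string | undefined): boolean {
  try {
    loadSecret("SECRET", { SECRET: value });
    return true;
  } catch {
    return false;
  }
}
```

Use a different value for each variable: with one shared secret, a weakness in how one consumer uses it (for example token metadata that an attacker can get decrypted) also compromises session cookies and JWTs.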


8) Missing Authentication for Critical Function (CVE-ID: N/A)

The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to missing authentication for a critical function: the /api/v1/loginmethod endpoint answers GET requests carrying an organizationId parameter without requiring authentication. A remote attacker can send a specially crafted request to disclose sensitive information.

The response can include the OAuth client secrets of the organization's configured SSO providers in cleartext.
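
A login-method discovery endpoint has a legitimate reason to answer before the user is signed in (the login page needs to know which SSO buttons to draw), so the fix is not only an authentication check but also returning a purpose-built public view instead of the stored provider configuration. The following is an added example, not Flowise code, of that separation plus a serialisation guard. The stored config shape, the field names, the handler and the constructed sample data are assumptions.

```typescript
export interface StoredSsoProvider {
  provider: string;
  enabled: boolean;
  clientId: string;
  clientSecret: string; // must never leave the server
  tenantId?: string;
}

export interface PublicLoginMethod {
  provider: string;
}

// The public view is built field by field; nothing from the stored record is
// copied through by default, so a new stored field stays private.
export function toPublicLoginMethods(providers: StoredSsoProvider[]): PublicLoginMethod[] {
  return providers.filter((p) => p.enabled).map((p) => ({ provider: p.provider }));
}

// Defence in depth for any response body: refuse to serialise an object whose
// key looks like a credential, so a handler that forgets to redact fails loudly.
const SENSITIVE_KEY = /secret|password|privatekey|token/i;
export function assertNoSecrets(value: unknown, trail = "$"): void {
  if (Array.isArray(value)) {
    value.forEach((v, i) => assertNoSecrets(v, `${trail}[${i}]`));
  } else if (value !== null && typeof value === "object") {
    for (const [k, v] of Object.entries(value as Record<string, unknown>)) {
      if (SENSITIVE_KEY.test(k)) throw new Error(`refusing to serialise ${trail}.${k}`);
      assertNoSecrets(v, `${trail}.${k}`);
    }
  }
}

export interface HttpResult {
  status: number;
  body: unknown;
}

export function handleLoginMethod(
  organizationId: string | undefined,
  lookup: (orgId: string) => StoredSsoProvider[] | undefined,
): HttpResult {
  if (!organizationId) return { status: 400, body: { error: "organizationId is required" } };
  // An unknown organisation yields an empty list rather than a 404, so the
  // unauthenticated endpoint cannot be used to enumerate organisation IDs.
  const methods = toPublicLoginMethods(lookup(organizationId) ?? []);
  const body = { organizationId, methods };
  assertNoSecrets(body);
  return { status: 200, body };
}

// Constructed sample data standing in for an organisation's stored SSO config.
const SAMPLE_STORE: Record<string, StoredSsoProvider[]> = {
  "org-1": [
    { provider: "google", enabled: true, clientId: "client-1", clientSecret: "s3cret-google" },
    { provider: "azure", enabled: false, clientId: "client-2", clientSecret: "s3cret-azure", tenantId: "t-1" },
  ],
};

export function demoLoginMethod(organizationId: string | undefined): HttpResult {
  return handleLoginMethod(organizationId, (id) => SAMPLE_STORE[id]);
}
```

For org-1 the demo returns only { provider: "google" }; the client secrets and the disabled provider never appear in the body. The serialisation guard is deliberately strict about key names: a false positive on a harmless field is a quick fix, a false negative is this bulletin's issue 8.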


Remediation

Install the update from the vendor's website.

Independently of the update, set TOKEN_HASH_SECRET, EXPRESS_SESSION_SECRET and the JWT secret environment variables to strong, unique values; issues 5 to 7 are exposed only while these are unset and the built-in defaults are in use. Limit which tools are enabled and who may add Custom MCP stdio server configurations, since issues 2 and 4 are reachable only through those features.