SB2026050496 - Multiple vulnerabilities in Flowise
Published: May 4, 2026
Description
This security bulletin contains information about 5 vulnerabilities.
1) Improper access control (CVE-ID: CVE-2026-41268)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper access control in the replaceInputsWithConfig function when overrideConfig parameters contain the FILE-STORAGE:: keyword. A remote attacker can send a specially crafted HTTP request to execute arbitrary code.
Exploitation requires a public chatflow with API Override enabled and an MCP tool node present in the flow.
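The following is an added illustration, not Flowise code and not taken from the advisory: a gate for the public prediction path that refuses any overrideConfig carrying the FILE-STORAGE:: keyword before it reaches input resolution. The keyword spelling follows the advisory; the request shape, the recursive walk over nested objects, the case-insensitive match and the sample payloads are assumptions.

```typescript
// Added example, not Flowise code: gate a public prediction request's
// overrideConfig so that FILE-STORAGE:: references never reach input resolution.
// The request shape and the case-insensitive match are assumptions.
export type Json = string | number | boolean | null | Json[] | { [key: string]: Json };

const FILE_STORAGE_KEYWORD = "FILE-STORAGE::";

// Return the JSON paths of every string (keys included) that carries the
// keyword. Objects and arrays are walked recursively because overrideConfig
// may nest per-node or per-variable sub-objects. The match is case-insensitive
// as a conservative choice; the original check's case handling is not known.
export function findFileStorageRefs(value: Json, path = "$"): string[] {
  const hits: string[] = [];
  const has = (s: string) => s.toUpperCase().includes(FILE_STORAGE_KEYWORD);
  if (typeof value === "string") {
    if (has(value)) hits.push(path);
  } else if (Array.isArray(value)) {
    value.forEach((item, i) => hits.push(...findFileStorageRefs(item, `${path}[${i}]`)));
  } else if (value !== null && typeof value === "object") {
    for (const [key, item] of Object.entries(value)) {
      if (has(key)) hits.push(`${path}.${key}`);
      hits.push(...findFileStorageRefs(item, `${path}.${key}`));
    }
  }
  return hits;
}

// Reject the whole request instead of silently stripping the offending entry,
// so the attempt shows up in logs and the caller learns nothing about what a
// FILE-STORAGE:: value would have resolved to.
export function checkOverrideConfig(overrideConfig: Json | undefined): Json | undefined {
  if (overrideConfig === undefined) return undefined;
  const hits = findFileStorageRefs(overrideConfig);
  if (hits.length > 0) {
    throw new Error(`overrideConfig rejected: FILE-STORAGE:: reference at ${hits.join(", ")}`);
  }
  return overrideConfig;
}

// Constructed samples (not taken from any real exploit): a benign override and
// one that smuggles the keyword inside a nested vars object.
export const benignOverride: Json = { vars: { customerName: "Ada" }, temperature: 0.2 };
export const hostileOverride: Json = { vars: { attachment: "FILE-STORAGE::payload.json" } };
```

Returning the JSON path of each hit is deliberate: an operator reviewing a rejected request can see exactly which override field carried the keyword without the value itself being echoed back to the caller.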
2) Missing Authorization (CVE-ID: CVE-2026-41266)
CWE-ID: CWE-862 - Missing Authorization
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to missing authorization in the /api/v1/public-chatbotConfig/:id endpoint, which returns chatbot configuration data without verifying that the caller is entitled to it. A remote attacker who knows a chatflow UUID can request that endpoint to disclose sensitive information.
Knowledge of a chatflow UUID is the only prerequisite; UUIDs may be obtained from embedded chat widgets, Referer headers, or logs.
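As an added illustration (not Flowise code and not from the advisory), this is the shape of handler the missing check calls for: serve configuration only for chatflows explicitly marked public, return only the fields a widget needs, and make "unknown" and "private" indistinguishable. The Chatflow shape, the isPublic flag, the field allowlist and the sample store are assumptions.

```typescript
// Added example, not Flowise code: a handler for the public chatbot config
// lookup that refuses non-public chatflows and returns only the fields a widget
// needs. The Chatflow shape, the isPublic flag and the allowlist are assumptions.
export interface Chatflow {
  id: string;
  isPublic: boolean;
  chatbotConfig: Record<string, unknown>;
  apikeyid?: string; // server-side secret, must never reach a caller
  flowData: string;  // full graph definition, also not for public callers
}

// What an embedded widget legitimately needs. Anything not listed is withheld,
// so a config field added later is private by default.
const PUBLIC_CONFIG_FIELDS = ["welcomeMessage", "botMessage", "userMessage", "textInput"];

export type PublicConfigResponse =
  | { status: 200; body: Record<string, unknown> }
  | { status: 404; body: { error: string } };

export function publicChatbotConfig(store: Map<string, Chatflow>, id: string): PublicConfigResponse {
  const flow = store.get(id);
  // One response for "unknown" and "exists but private": the endpoint must not
  // confirm that a private chatflow UUID is valid.
  if (!flow || !flow.isPublic) return { status: 404, body: { error: "not found" } };
  const body: Record<string, unknown> = {};
  for (const key of PUBLIC_CONFIG_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(flow.chatbotConfig, key)) {
      body[key] = flow.chatbotConfig[key];
    }
  }
  return { status: 200, body };
}

// Constructed sample store: one public and one private chatflow.
export const PUBLIC_ID = "3f2c9a1e-0000-4000-8000-000000000001";
export const PRIVATE_ID = "3f2c9a1e-0000-4000-8000-000000000002";
export const constructedStore = new Map<string, Chatflow>([
  [PUBLIC_ID, {
    id: PUBLIC_ID, isPublic: true, apikeyid: "key-public", flowData: "{}",
    chatbotConfig: { welcomeMessage: "Hello", internalTag: "staging" },
  }],
  [PRIVATE_ID, {
    id: PRIVATE_ID, isPublic: false, apikeyid: "key-private", flowData: "{}",
    chatbotConfig: { welcomeMessage: "Internal helpdesk" },
  }],
]);
```

The allowlist is the second half of the fix: even for a public chatflow, the stored config object may contain operator-only fields, so the handler copies named keys out rather than returning the object as stored.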
3) Improperly controlled modification of dynamically-determined object attributes
CWE-ID: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to gain unauthorized cross-tenant access and escalate privileges.
The vulnerability exists due to improperly controlled modification of dynamically-determined object attributes (mass assignment) in the account registration endpoint, which accepts server-managed fields and nested objects supplied in the registration request. A remote attacker can send a specially crafted request containing such fields to gain unauthorized cross-tenant access and escalate privileges.
The issue affects multi-tenant deployments: a newly created account can be associated with an existing organization during registration.
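Added illustration, not Flowise code and not from the advisory: the mass-assignment pattern that lets a request body override server-managed fields, beside a registration parser that allowlists the three expected fields and rejects everything else, including nested objects. Entity and field names, the password hashing choice and the sample bodies are assumptions.

```typescript
import { randomBytes, randomUUID, scryptSync } from "node:crypto";

// Added example, not Flowise code: the mass-assignment pattern beside an
// allowlisted registration parser. Field and entity names are assumptions.
export interface Account {
  id: string;
  email: string;
  name: string;
  passwordHash: string;
  organizationId: string;    // server-managed: never taken from the request
  role: "owner" | "member";  // server-managed
}

// Vulnerable pattern: the request body is spread over the entity defaults, so a
// caller-supplied organizationId, role or nested organization object wins.
export function registerVulnerable(body: Record<string, unknown>, newOrganizationId: string): Record<string, unknown> {
  return { id: randomUUID(), organizationId: newOrganizationId, role: "owner", ...body };
}

const ALLOWED_FIELDS = ["email", "password", "name"];

export interface RegistrationInput { email: string; password: string; name: string }

// Hardened parser: only the three expected fields, each a plain string. An
// unknown key (any server-managed column, any nested object) is a hard error
// rather than something to strip: a rejected request is visible in logs, a
// silently stripped one is not. An allowlist also protects columns added later.
export function parseRegistration(body: unknown): RegistrationInput {
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    throw new Error("body must be a JSON object");
  }
  const obj = body as Record<string, unknown>;
  for (const key of Object.keys(obj)) {
    if (ALLOWED_FIELDS.indexOf(key) === -1) throw new Error(`unexpected field: ${key}`);
    if (typeof obj[key] !== "string") throw new Error(`field ${key} must be a string`);
  }
  for (const key of ALLOWED_FIELDS) {
    if (!(key in obj)) throw new Error(`missing field: ${key}`);
  }
  return { email: obj.email as string, password: obj.password as string, name: obj.name as string };
}

export function registerHardened(body: unknown, newOrganizationId: string): Account {
  const input = parseRegistration(body);
  const salt = randomBytes(16);
  const passwordHash = salt.toString("hex") + ":" + scryptSync(input.password, salt, 32).toString("hex");
  // Tenant association and role come from the server's own decision, not the body.
  return { id: randomUUID(), email: input.email, name: input.name, passwordHash, organizationId: newOrganizationId, role: "owner" };
}

// Constructed samples: a registration that tries to join an existing tenant, and a benign one.
export const hostileRegistration: Record<string, unknown> = {
  email: "attacker@example.com", password: "correct horse battery staple", name: "Mallory",
  organizationId: "org-victim", role: "owner", organization: { id: "org-victim" },
};
export const benignRegistration: Record<string, unknown> = {
  email: "alice@example.com", password: "correct horse battery staple", name: "Alice",
};
```

Note that the hardened parser checks the type of every allowed field as well as the key set: a nested object under an accepted key such as name is rejected too, which is what closes the "nested objects" part of the issue.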
4) Code Injection (CVE-ID: CVE-2026-41137)
CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to improper control of code generation in CSVAgent, where a user-supplied custom Pandas CSV read code value is inserted into the Python code the node executes. A remote user can define a chatflow containing a malicious value and trigger its execution to execute arbitrary code.
If instance credentials are not configured, authentication can be bypassed by supplying the HTTP header x-request-from: internal.
5) Code Injection (CVE-ID: CVE-2026-41138)
CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to execute arbitrary code.
The vulnerability exists due to improper control of code generation in AirtableAgent.ts, where user-supplied prompt input is turned into Pandas code through the LLMChain workflow. A remote user can send a specially crafted prompt injection payload to execute arbitrary code.
The issue occurs because user input is reflected into the generated Python code, which is then executed by Pyodide.
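The following added example serves both 4) and 5): it is not Flowise code and not from the advisory, and the page does not show the original builders. It contrasts a script builder that concatenates a caller's text into Python (so the text is code by construction) with one that accepts only data: a restricted path plus allowlisted, validated pandas.read_csv keyword arguments, each emitted as a Python literal. The option allowlist, the path rule, the function names and the sample payload are assumptions.

```typescript
// Added example, not Flowise code: why a reflected value becomes code, and a
// builder that accepts only data. Allowlist, path rule and names are assumptions.

// Vulnerable shape: the caller's text is concatenated into the script that the
// sandbox will execute, so it is code by construction.
export function buildReadCsvVulnerable(customReadCode: string): string {
  return ["import pandas as pd", customReadCode, "print(df.head())"].join("\n");
}

type Scalar = string | number | boolean | null;

// Emit a Python literal from a JSON scalar. JSON string escaping (\" \\ \n \t
// \uXXXX) is a subset of Python's, so JSON.stringify yields a valid
// double-quoted Python string with no way to close the quote early.
function pyLiteral(v: Scalar): string {
  if (v === null) return "None";
  if (typeof v === "boolean") return v ? "True" : "False";
  if (typeof v === "number") return String(v);
  return JSON.stringify(v);
}

// Allowed read_csv keyword arguments and the shape each value must have.
// A Map rather than a plain object, so that a key like "constructor" cannot
// resolve to something inherited from Object.prototype.
const ALLOWED_READ_OPTIONS = new Map<string, (v: unknown) => v is Scalar>([
  ["sep", (v: unknown): v is Scalar => typeof v === "string" && v.length === 1],
  ["encoding", (v: unknown): v is Scalar => typeof v === "string" && /^[A-Za-z0-9_-]+$/.test(v)],
  ["header", (v: unknown): v is Scalar => v === null || (Number.isInteger(v) && (v as number) >= 0)],
  ["skiprows", (v: unknown): v is Scalar => Number.isInteger(v) && (v as number) >= 0],
]);

// Hardened shape: a relative path restricted to a safe character set plus
// validated keyword arguments. No free-form code is accepted anywhere.
export function buildReadCsvHardened(path: string, options: Record<string, unknown>): string {
  if (!/^[A-Za-z0-9_][A-Za-z0-9_./-]*$/.test(path) || path.includes("..")) {
    throw new Error("invalid path");
  }
  const kwargs: string[] = [];
  for (const [key, value] of Object.entries(options)) {
    const check = ALLOWED_READ_OPTIONS.get(key);
    if (!check) throw new Error(`option not allowed: ${key}`);
    if (!check(value)) throw new Error(`invalid value for ${key}`);
    kwargs.push(`${key}=${pyLiteral(value)}`);
  }
  const args = [pyLiteral(path), ...kwargs].join(", ");
  return ["import pandas as pd", `df = pd.read_csv(${args})`, "print(df.head())"].join("\n");
}

// Constructed sample payload (the advisory does not publish one): a "read code"
// value that runs a shell command before ever touching the CSV.
export const constructedPayload = "import os\nos.system('id')\ndf = pd.read_csv('data.csv')";
```

For the prompt-injection variant in 5) the same principle applies one step earlier: text that an LLM produced from user input is still user-influenced, and the sandbox should receive a structured, validated request (file and options) rather than a script assembled from that text.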
Remediation
Install the update from the vendor's website.
References
- https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-cvrr-qhgw-2mm6
- https://github.com/advisories/GHSA-cvrr-qhgw-2mm6
- https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-4jpm-cgx2-8h37
- https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-48m6-ch88-55mj
- https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-9wc7-mj3f-74xv
- https://github.com/FlowiseAI/Flowise/blob/78674897270d58a7086c6c7ccefcc44a5fe9fbf6/packages/components/nodes/agents/CSVAgent/CSVAgent.ts#L157
- https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-f228-chmx-v6j6