SB2026050496 - Multiple vulnerabilities in Flowise

Published: May 4, 2026

Security Bulletin ID: SB2026050496
CSH Severity: High
Patch available: YES
Number of vulnerabilities: 5
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 40%, Medium 60%

Description

This security bulletin contains information about 5 vulnerabilities.


1) Improper access control (CVE-ID: CVE-2026-41268)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper access control in the replaceInputsWithConfig function when handling overrideConfig parameters containing the FILE-STORAGE:: keyword. A remote attacker can send a specially crafted HTTP request to execute arbitrary code.

Exploitation requires a public chatflow with API Override enabled and an MCP tool node present.


2) Missing Authorization (CVE-ID: CVE-2026-41266)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to disclose sensitive information.

The vulnerability exists due to missing authorization in the /api/v1/public-chatbotConfig/:id endpoint when handling requests for public chatbot configuration data. A remote attacker can send a request with a known chatflow UUID to disclose sensitive information.

Knowledge of a chatflow UUID is the only prerequisite and may be obtained from embedded chat widgets, referrer headers, or logs.


3) Improperly Controlled Modification of Dynamically-Determined Object Attributes (CVE-ID: CVE-2026-41267)

CWE-ID: CWE-915 - Improperly Controlled Modification of Dynamically-Determined Object Attributes

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain unauthorized cross-tenant access and escalate privileges.

The vulnerability exists due to improperly controlled modification of dynamically-determined object attributes in the account registration endpoint when processing registration requests. A remote attacker can send a specially crafted request containing injected server-managed fields and nested objects to gain unauthorized cross-tenant access and escalate privileges.

The issue affects multi-tenant deployments and can allow unauthorized association of a newly created account with an existing organization during registration.
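A minimal illustration of the registration mass-assignment pattern described above, added here as an example rather than taken from Flowise's code: a handler that spreads the request body over the new account beside a hardened allowlist version. The field name organizationId, the tenant-creation stub and the request shapes are hypothetical.

```typescript
// Added example, not Flowise's own code: a registration handler in the
// CWE-915 shape described for vulnerability 3, beside a hardened version.
// The organizationId field and the org-creation stub are hypothetical.

type Account = {
  email: string;
  name: string;
  organizationId: string; // server-managed: must always be a fresh tenant
};

// Constructed stand-in for tenant creation: each registration gets a new org.
let orgCounter = 0;
function createOrganization(): string {
  orgCounter += 1;
  return `org-new-${orgCounter}`;
}

// VULNERABLE: the request body is spread over the entity after the defaults,
// so a client-supplied organizationId (or a nested object) replaces the
// server-managed value and binds the new account to an existing tenant.
function registerVulnerable(body: Record<string, unknown>): Account {
  return {
    organizationId: createOrganization(),
    ...(body as object),
  } as Account;
}

// HARDENED: accept only an explicit allowlist of scalar fields, reject any
// other key (including nested objects), and set server-managed fields last.
const ALLOWED_FIELDS = ["email", "name"] as const;
function registerHardened(body: Record<string, unknown>): Account {
  const unexpected = Object.keys(body).filter(
    (k) => (ALLOWED_FIELDS as readonly string[]).indexOf(k) === -1
  );
  if (unexpected.length > 0) {
    throw new Error(`unexpected registration fields: ${unexpected.join(", ")}`);
  }
  for (const k of ALLOWED_FIELDS) {
    if (typeof body[k] !== "string") {
      throw new Error(`field ${k} must be a string`);
    }
  }
  return {
    email: body.email as string,
    name: body.name as string,
    organizationId: createOrganization(), // never taken from the client
  };
}
```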


4) Code Injection (CVE-ID: CVE-2026-41137)

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper control of code generation in CSVAgent when processing a user-supplied custom Pandas CSV read code value. A remote user can send a specially crafted request that defines a malicious chatflow and then trigger its execution to run arbitrary code.

If instance credentials are not configured, authentication can be bypassed by supplying the x-request-from: internal header.


5) Code Injection (CVE-ID: CVE-2026-41138)

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to execute arbitrary code.

The vulnerability exists due to improper control of code generation in AirtableAgent.ts when processing user-supplied prompt input with Pandas through the LLMChain workflow. A remote user can send a specially crafted prompt injection payload to execute arbitrary code.

The issue occurs because user input is reflected into generated Python code that is subsequently executed by Pyodide.


Remediation

Install the update from the vendor's website.