Flowiseai


Products by Flowiseai Sorted by Most Security Vulnerabilities since 2018

Flowiseai Flowise: 69 vulnerabilities

Flowiseai Embed: 1 vulnerability

By the Year

In 2026 there have been 48 vulnerabilities in Flowiseai, with an average score of 6.7 out of ten. Last year, in 2025, Flowiseai had 11 security vulnerabilities published. That is, 37 more vulnerabilities have already been reported in 2026 than in all of last year. Last year, the average CVE base score was greater by 2.25.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 48 | 6.70 |
| 2025 | 11 | 8.95 |
| 2024 | 10 | 6.79 |

It may take a day or so for new Flowiseai vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Flowiseai Security Vulnerabilities

CVE-2026-12821 (Jun 21, 2026)
Path Traversal in FlowiseAI Flowise S3 Doc Loader before 3.1.2
A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Products: Flowise

CVE-2026-56276 (Jun 20, 2026)
CVE-2026-56276 Flowise <3.1.2 Mass Assignment: Credential Override
Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credential field without validation. Attackers can bypass password change verification and session invalidation by supplying a crafted password hash, establishing persistent account access after temporary session compromise.
Products: Flowise

CVE-2026-56267 (Jun 20, 2026)
Flowise 3.0.12: Forgot-Password Endpoint Exposes PII
Flowise before 3.0.13 contains an information exposure vulnerability in the POST /api/v1/account/forgot-password endpoint that returns full user objects including PII to unauthenticated attackers. An attacker can enumerate valid email addresses and harvest sensitive user data including user IDs, names, account status, and timestamps by sending requests with known email addresses.
Products: Flowise

CVE-2025-71331 (Jun 20, 2026)
Flowise <3.0.8 XSS via Chat & Agent Functions
Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScript by sending an iframe payload (e.g., <iframe src="javascript:alert(document.cookie)">) in a chat box, or by having a custom agent function return an XSS payload from an external website. The injected script executes in the victim's browser, enabling theft of cookies and session data.
Products: Flowise

CVE-2024-58351 (Jun 20, 2026)
RCE in Flowise <2.1.4 via overrideConfig leading to sandbox escape (Chainflow)
Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction API. Because this feature is enabled by default with no allow-list of permitted variables and relies on vm2 for sandboxing, an attacker can abuse it to achieve remote code execution and sandbox escape, denial of service by crashing the server, server-side request forgery, prompt injection, and server variable and data exfiltration. These issues are self-targeted and do not persist to other users.
Products: Flowise

CVE-2026-46480 (Jun 08, 2026)
Mass-Assignment flaw grants cross-workspace evaluator takeover in Flowise <3.1.2
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2.
Products: Flowise

CVE-2026-46479 (Jun 08, 2026)
Flowise <3.1.2 Mass-Assignment CVE-2026-46479 Enables Cross-Workspace Eval Takeover
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2.
Products: Flowise

CVE-2026-46478 (Jun 08, 2026)
Flowise DatasetRow mass-assignment allows cross-workspace takeover (pre 3.1.2)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2.
Products: Flowise

CVE-2026-46477 (Jun 08, 2026)
Flowise <3.1.2 Mass-Assignment flaw enables cross-workspace takeover
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2.
Products: Flowise

CVE-2026-46476 (Jun 08, 2026)
Flowise 3.1.2- Cross-workspace Template Takeover via CustomTemplate Mass-Assignment
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2.
Products: Flowise

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).