VIR Vulnerability Intelligence Relay

Package impact

npm NPM / flowise

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-43995 critical 9.8 9.8 17d ago Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure) npm
CVE-2026-46442 critical 9.5 14d ago FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape npm
CVE-2026-8026 medium 5.3 5.3 22d ago Flowise: Bcrypt Password Hash Exposure npm