VIR Vulnerability Intelligence Relay

Package impact

npm npm / flowise

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-43995 critical 9.8 9.8 18d ago Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)
CVE-2026-41274 critical 9.8 9.8 1mo ago Flowise: Cypher Injection in GraphCypherQAChain
CVE-2026-46442 critical 9.5 15d ago FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape
CVE-2026-8026 medium 5.3 5.3 23d ago Flowise: Bcrypt Password Hash Exposure