| CVE-2026-43995 | critical | 9.8 | 9.8 | 17d ago | Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure) |
| CVE-2026-41274 | critical | 9.8 | 9.8 | 1mo ago | Flowise: Cypher Injection in GraphCypherQAChain |
| CVE-2026-41264 | unknown | — | — | 1mo ago | Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability |
| CVE-2026-41265 | unknown | — | — | 1mo ago | Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability |
| CVE-2026-41271 | unknown | — | — | 1mo ago | Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains |
| CVE-2026-41272 | unknown | — | — | 1mo ago | Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure) |
| CVE-2026-41270 | unknown | — | — | 1mo ago | Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox |
| CVE-2026-41268 | unknown | — | — | 1mo ago | Flowise: Parameter Override Bypass Remote Command Execution |
| CVE-2026-41137 | unknown | — | — | 1mo ago | Flowise: Code Injection in CSVAgent leads to Authenticated RCE |
| CVE-2026-41138 | unknown | — | — | 1mo ago | Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas`. |
| CVE-2026-40933 | unknown | — | — | 1mo ago | Flowise: Authenticated RCE Via MCP Adapters |
| CVE-2026-31829 | unknown | — | — | 3mo ago | Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access |
| CVE-2025-61913 | unknown | — | — | 8mo ago | Flowise is vulnerable to arbitrary file write through its WriteFileTool |
| CVE-2025-29189 | unknown | — | — | 1y ago | Flowise Vulnerable to SQL Injection via `tableName` Parameter |