20 Total CVEs
17 AI Analyzed
0 CISA KEV
9 Critical
All Vendors
Showing 1-20 of 20 CVEs
CVE-2026-56278
Analyzed
9.1
Flowise Flowise

Flowise uses a weak, hardcoded default secret for session management, enabling unauthenticated attackers to forge session cookies and hijack user acco...

2026-07-01
CVE-2026-56274
Analyzed
9.9
Flowise Flowise

Flowise versions before 3.1.2 are susceptible to OS command injection via the Custom MCP Server feature due to inadequate validation of command flags...

2026-06-24
CVE-2026-56268
Analyzed
7.7
Flowise Flowise

Flowise before 3

2026-06-23
CVE-2026-46479
Analyzed
8.8
Flowise Flowise

Flowise is a drag & drop user interface to build a customized large language model flow

2026-06-16
CVE-2026-46478
Analyzed
8.8
Flowise Flowise

Flowise is a drag & drop user interface to build a customized large language model flow

2026-06-16
CVE-2026-46477
Analyzed
8.8
Flowise Flowise

Flowise is a drag & drop user interface to build a customized large language model flow

2026-06-16
CVE-2026-46475
Analyzed
8.8
Flowise Flowise

Flowise is a drag & drop user interface to build a customized large language model flow

2026-06-13
CVE-2026-40933
Analyzed
9.9
Flowise Flowise

Flowise prior to 3.1.0 is vulnerable to OS command injection due to unsafe serialization of stdio commands in the MCP adapter, allowing authenticated...

2026-04-22
CVE-2025-71338
Analyzed
10
Flowise Flowise

An unauthenticated path traversal vulnerability in the Flowise document-store loader allows attackers to write arbitrary files to the filesystem, faci...

2026-06-26
CVE-2025-71337
Analyzed
8.3
Flowise Flowise

Flowise before 3

2026-06-24
CVE-2025-71336
Analyzed
9.8
Flowise Flowise

Flowise contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, allowing unauthenticated attackers to execute arbitrary...

2026-06-26
CVE-2025-71335
Analyzed
8.1
Flowise Flowise

Flowise before 3

2026-06-26
CVE-2025-71334
Analyzed
9.8
Flowise Flowise

Flowise contains an arbitrary file read and write vulnerability due to missing validation on input parameters, allowing unauthenticated attackers to a...

2026-06-26
CVE-2025-71333
Analyzed
9.3
Flowise Flowise

Flowise contains an unauthenticated arbitrary file upload vulnerability in the /api/v1/attachments endpoint, allowing attackers to achieve remote code...

2026-06-26
CVE-2025-71328
Analyzed
8.3
Flowise Flowise

Flowise before 3

2026-06-26
CVE-2025-71327
Analyzed
9.1
Flowise Flowise

An authentication bypass vulnerability in the Flowise /api/v1/account/register endpoint allows unauthenticated attackers to create unauthorized admini...

2026-06-26
CVE-2025-61687
8.3
Flowise Multiple Products

Flowise is a drag & drop user interface to build a customized large language model flow

2025-10-06
CVE-2025-50538
8.2
Flowise Multiple Products

Flowise before 3

2025-10-06
CVE-2025-29192
8.2
Flowise Multiple Products

Flowise before 3

2025-10-06
CVE-2024-58351
Analyzed
9.8
Flowise Flowise

Flowise versions before 2.1.4 are vulnerable to remote code execution and sandbox escape via an insecure overrideConfig option in the Chainflow execut...

2026-06-21