An unauthenticated arbitrary file access vulnerability in Flowise enables attackers to read or write files, creating a direct path to remote code execution and full system takeover.

The application fails to validate the chatflowId and chatId parameters, permitting path-traversal attacks. An unauthenticated attacker can exploit this to write malicious files or read sensitive configuration files via the /api/v1/ endpoints.

With a CVSS score of 9.8, this vulnerability represents an extreme risk to infrastructure. An attacker can write executable files to the server, leading to arbitrary code execution, which may result in full system compromise, data theft, and unauthorized access to integrated AI workflows or connected databases.

Immediate Action: Upgrade Flowise to version 3.0.6 or higher immediately to implement necessary path validation controls.

Proactive Monitoring: Audit access logs for the /api/v1/chatflows and /api/v1/openai-assistants-file/download endpoints for suspicious path-traversal strings (e.g., ../).

Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to block path-traversal sequences and restrict access to the affected API endpoints.

Public Exploit Available: Unknown

The ability to perform arbitrary file operations without authentication makes this a high-priority risk. Administrators must apply the update to version 3.0.6 immediately and review server logs for signs of unauthorized file access or modification.