Lucene search
+L

4 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/11 5:49 p.m.6 views

CVE-2026-43995

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients node-fetch, axios instead of using the secured wrapper. These tools include 1 OpenAPIToolkit/OpenAPIToolkit.ts, 2...

5.3CVSS5.8AI score0.00396EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 5:49 p.m.8 views

CVE-2026-43995 Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients node-fetch, axios instead of using the secured wrapper. These tools include 1 OpenAPIToolkit/OpenAPIToolkit.ts, 2...

5.3CVSS5.8AI score0.00396EPSS
Exploits1References1
CVE
CVE
added 2026/05/11 5:49 p.m.50 views

CVE-2026-43995

Flowise is affected by an SSRF-related vulnerability in which multiple tools (OpenAPIToolkit.ts, WebScraperTool.ts, MCP/core.ts, Arxiv/core.ts) directly import raw HTTP clients (node-fetch, axios) instead of the centralized httpSecurity.ts wrapper. This bypass allows outbound requests to evade th...

9.8CVSS5.8AI score0.00396EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/05/11 5:49 p.m.4 views

CVE-2026-43995 Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients node-fetch, axios instead of using the secured wrapper. These tools include 1 OpenAPIToolkit/OpenAPIToolkit.ts, 2...

5.3CVSS5.9AI score0.00396EPSS
Exploits1References3
Rows per page
Query Builder