EUVD-2026-35113

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2...

CVE-2026-43995

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients node-fetch, axios instead of using the secured wrapper. These tools include 1 OpenAPIToolkit/OpenAPIToolkit.ts, 2...

CVE-2026-41264

Flowise CVE-2026-41264 affects the Flowise CSV Agent node. The flaw is in the run method of the CSV_Agents class, where an LLM-generated Python script is evaluated without proper sandboxing, enabling prompt-injection to cause execution of attacker-controlled commands on the Flowise server. This a...

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, including 3.0.13, contained security vulnerabilities. These vulnerabilities stemmed from the possibility for unverified users to inject arbitrary values into internal...

Flowise Security Vulnerabilities

Flowise is a tool for easily building LLM applications. A security vulnerability exists in Flowise version 1.4.3, which stems from the presence of a reflective cross-site scripting vulnerability that could allow an attacker to read arbitrary files from the server...