CVE-2026-8026

A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can be launched...

PT-2026-34236

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description A flaw exists in the run method of the CSV Agents class due to improper sandboxing when evaluating Python scripts generated by a Large Language Model LLM. An unauthenticated attacker can use prompt...

VulnCheck KEV: CVE-2025-26319

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments...

PT-2025-9712

Name of the Vulnerable Software and Affected Versions FlowiseAI Flowise version 2.2.6 Description FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments API endpoint. This allows unauthenticated attackers to upload malicious files, potentially...