Lucene search
K

5 matches found

NVD
NVD
added 2026/04/23 8:16 p.m.5 views

CVE-2026-41268

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

9.8CVSS0.13789EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 7:13 p.m.9 views

CVE-2026-41268

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

7.7CVSS7.5AI score0.13789EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/23 7:13 p.m.84 views

CVE-2026-41268 Flowise: Flowise Parameter Override Bypass Remote Command Execution

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined wi...

7.7CVSS0.13789EPSS
Exploits1References1
OSV
OSV
added 2026/04/16 9:46 p.m.6 views

GHSA-CVRR-QHGW-2MM6 Flowise: Parameter Override Bypass Remote Command Execution

Summary Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined with a NODEOPTIONS environment variable injection. This allows for the execution of arbitrary syste...

7.7CVSS6.4AI score0.13789EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.8 views

PT-2026-34733

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description Flowise is a drag and drop user interface for building customized large language model flows. An unauthenticated remote command execution issue exists where a parameter override bypass can be achieve...

9.8CVSS7.6AI score0.13789EPSS
Exploits1References6
Rows per page
Query Builder