Lucene search
K

4 matches found

CVE
CVE
added 2026/04/23 7:15 p.m.14 views

CVE-2026-41270

Flowise (drag‑and‑drop UI for building LLM flows) contains an SSRF protection bypass in the Custom Function sandbox prior to version 3.1.0. The app blocks SSRF via HTTP_DENY_LIST for axios and node-fetch, but it allows use of built‑in Node.js http, https, and net modules inside the NodeVM sandbox...

8.3CVSS5.8AI score0.00234EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/23 7:15 p.m.39 views

CVE-2026-41270 Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery SSRF protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and...

7.1CVSS0.00234EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/16 9:50 p.m.7 views

Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

Summary A Server-Side Request Forgery SSRF protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandb...

8.3CVSS6AI score0.00234EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2026/04/16 9:50 p.m.27 views

GHSA-XHMJ-RG95-44HV Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox

Summary A Server-Side Request Forgery SSRF protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTPDENYLIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandb...

7.1CVSS6AI score0.00234EPSS
Exploits1References3
Rows per page
Query Builder