12 matches found
Server-Side Request Forgery (SSRF)
Flowise is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to improper validation of user-supplied URLs in the /api/v1/fetch-links endpoint, which allows an attacker to exploit the server as a proxy to access internal network resources and explore their link structures...
CVE-2025-59527
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery SSRF vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise serve...
CVE-2025-59527
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery SSRF vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise serve...
CVE-2025-59527
Flowise (FlowiseAI/Flowise) version 3.0.5 contains a Server-Side Request Forgery (SSRF) in the /api/v1/fetch-links endpoint. The issue allows the Flowise server to proxy requests into internal network services and enumerate internal links. It has been patched in version 3.0.6; upgrading to 3.0.6 ...
CVE-2025-59527 FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery SSRF vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise serve...
CVE-2025-59527 FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery SSRF vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise serve...
CVE-2025-59527 FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, a Server-Side Request Forgery SSRF vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise serve...
Flowise 代码问题漏洞
Flowise is a FlowiseAI open source tool for easily building LLM applications. A code issue vulnerability exists in Flowise version 3.0.5, which stems from a server-side request forgery in the /api/v1/fetch-links endpoint that could allow an attacker to use the server as a proxy to access internal...
GHSA-HR92-4Q35-4J3M FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
Summary --- A Server-Side Request Forgery SSRF vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. The...
Server-side Request Forgery (SSRF)
Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetch function in the fetch-links feature when user-supplied URLs are not validated. An attacker can access internal network resources and sensitive...
FlowiseAI/Flowise has Server-Side Request Forgery (SSRF) vulnerability
Summary --- A Server-Side Request Forgery SSRF vulnerability was discovered in the /api/v1/fetch-links endpoint of the Flowise application. This vulnerability allows an attacker to use the Flowise server as a proxy to access internal network web services and explore their link structures. The...
PT-2025-39072
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Flowise version 3.0.5 Description A Server-Side Request Forgery SSRF vulnerability exists in the /api/v1/fetch-links endpoint of the Flowise application. This allows an attacker to use the Flowise server as a...