CVE-2026-31829

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including...

Server-side Request Forgery (SSRF)

Overview flowise-ui is a Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the HTTP Node as it is used in AgentFlow and Chatflow. An attacker can access internal network resources, retrieve sensitive information, or modify and delete data by supplying crafte...

CVE-2026-31829 Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including...

MAL-2025-32577 Malicious code in rvi-http-node-server (npm)

The package rvi-http-node-server was found to contain malicious code...

Malicious code in rvi-http-node-server (npm)

The package rvi-http-node-server was found to contain malicious code...