{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41272", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-18T14:01:46.801Z", "datePublished": "2026-04-23T19:16:08.113Z", "dateUpdated": "2026-04-23T20:18:56.831Z"}, "containers": {"cna": {"title": "Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4"}], "affected": [{"vendor": "FlowiseAI", "product": "Flowise", "versions": [{"version": "< 3.1.0", "status": "affected"}]}, {"vendor": "FlowiseAI", "product": "flowise-components", "versions": [{"version": "< 3.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-23T19:16:08.113Z"}, "descriptions": [{"lang": "en", "value": "Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding (Time-of-Check Time-of-Use) or by exploiting the default configuration which fails to enforce any deny list. This vulnerability is fixed in 3.1.0."}], "source": {"advisory": "GHSA-2x8m-83vc-6wv4", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-23T20:18:28.171566Z", "id": "CVE-2026-41272", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T20:18:56.831Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41272", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-23T20:18:28.171566Z"}}}], "references": [{"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T20:18:46.344Z"}}], "cna": {"title": "Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)", "source": {"advisory": "GHSA-2x8m-83vc-6wv4", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "FlowiseAI", "product": "Flowise", "versions": [{"status": "affected", "version": "< 3.1.0"}]}, {"vendor": "FlowiseAI", "product": "flowise-components", "versions": [{"status": "affected", "version": "< 3.1.0"}]}], "references": [{"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4", "name": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding (Time-of-Check Time-of-Use) or by exploiting the default configuration which fails to enforce any deny list. This vulnerability is fixed in 3.1.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-23T19:16:08.113Z"}}}, "cveMetadata": {"cveId": "CVE-2026-41272", "state": "PUBLISHED", "dateUpdated": "2026-04-23T20:18:56.831Z", "dateReserved": "2026-04-18T14:01:46.801Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-23T19:16:08.113Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB30DB8F-4F72-4FD3-90FB-8331F1CBB78E", "versionEndExcluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allow/deny lists via DNS Rebinding (Time-of-Check Time-of-Use) or by exploiting the default configuration which fails to enforce any deny list. This vulnerability is fixed in 3.1.0."}], "id": "CVE-2026-41272", "lastModified": "2026-04-24T16:37:31.410", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-23T20:16:15.810", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.1.0)"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Flowise", "source": "cna", "vendor": "FlowiseAI"}, "product": "flowise", "vendor": "flowiseai"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.1.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "flowise-components", "source": "cna", "vendor": "FlowiseAI"}, "product": "flowise-components", "vendor": "flowiseai"}], "analysis": {"en": {"generated_at": "2026-04-28T20:29:15.799209+00:00", "value": {"mitigation_remediation": ["Upgrade Flowise to version 3.1.0 or later", "Configure a deny list to block outbound requests to untrusted destinations, ensuring the allow/deny logic is actively enforced", "Limit the network scope of the Flowise process so that outbound traffic is permitted only to essential services"], "summary": {"action": "Patch immediately", "impact": "Server Side Request Forgery"}, "threat_synthesis": {"affected_systems": "All releases of Flowise and flowise-components from FlowiseAI earlier than version 3.1.0 are affected. The vulnerability was fixed in the 3.1.0 release of both the application and its components.", "description_and_impact": "Flowise versions before 3.1.0 contain logic errors in the secureAxiosRequest and secureFetch wrappers that were designed to block Server\u2011Side Request Forgery. These flaws allow a bypass of the allow/deny lists through DNS rebinding (a Time\u2011of\u2011Check Time\u2011of\u2011Use race) or by exploiting the default configuration, which does not enforce any deny list at all. The result is that an attacker can cause the Flowise application to issue arbitrary outbound HTTP or HTTPS requests to internal or external hosts, potentially exposing sensitive data or serving as a foothold for further attacks.", "risk_and_exploitability": "The EPSS score of less than 1% indicates a very low current probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 7.1 reflects a high impact on confidentiality and integrity because the flaw permits arbitrary outbound requests that could be used to enumerate internal services, exfiltrate data, or pivot to other systems. Based on the description, it is inferred that an attacker would need to reach the Flowise instance over its web interface to trigger the SSRF bypass; no explicit credential requirement is stated in the advisory."}}}}, "created": "2026-04-27T19:53:00.039219+00:00", "updated": "2026-04-28T20:30:06.196762+00:00", "vendors": ["flowiseai", "flowiseai$PRODUCT$flowise", "flowiseai$PRODUCT$flowise-components"]}