Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting flowise.
- CVE-2026-56278Flowise - Session Hijacking via Weak Default Express Session Secret9.1
- CVE-2026-58057Flowise - Custom MCP Environment Variable Denylist Bypass via Case Sensitivity5.0
- CVE-2025-71338Flowise - Arbitrary File Write to Remote Code Execution via document-store API10.0
- CVE-2025-71336Flowise - Unsandboxed Remote Code Execution via Custom MCP9.8
- CVE-2025-71335Flowise - Session Invalidation Failure After Password Change8.1
- CVE-2025-71334Flowise - Arbitrary File Access via Missing Chat Flow ID Validation9.8
- CVE-2025-71328Flowise - Unverified Password Change via Account Settings8.3
- CVE-2025-71327Flowise - Authentication Bypass via Unprotected Registration Endpoint9.1
- CVE-2025-71324Flowise - Arbitrary File Read via chatId Parameter7.5
- CVE-2026-56272Flowise - Insufficient Password Salt Rounds in Bcrypt Hashing4.1
- CVE-2026-56269Flowise - Weak Default Token Hash Secret in JWT Token Encryption4.6
- CVE-2026-56270Flowise - Unauthenticated OAuth Secrets Disclosure via /api/v1/loginmethod Endpoint7.5
- CVE-2025-71332Flowise - SQL Injection in importChatflows API via chatflow.id Parameter6.5
- CVE-2026-56275Flowise - Server-Side Request Forgery via Execute Flow Base URL7.1
- CVE-2026-56274Flowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess9.9