9.2
CVE-2026-41265 - Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the Airtable_Agents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt injβ¦
8.2
CVE-2026-41279 - Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs β enables API credit abuse vβ¦
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId directly in the request body. When called without a chatflowId, β¦
8.7
CVE-2026-41278 - Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwoβ¦
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initially assessed: the saβ¦
7.7
CVE-2026-41276 - Flowise: AccountService resetPassword Authentication Bypass Vulnerability
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass authentication on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific flaβ¦
7.6
CVE-2026-41277 - Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover β¦
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key (id) and internal state fields of DocumentStore entities. Because theβ¦
9.3
CVE-2026-25874 - LeRobot Unsafe Deserialization Remote Code Execution via gRPC
LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads() is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable attaβ¦
7.5
CVE-2026-41275 - Flowise: Password Reset Link Sent Over Unsecured HTTP
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the unsecured HTTP protocol instead of HTTPS. This behavior introduces the risk of a man-in-the-middle (Mβ¦
7.7
CVE-2026-41273 - Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise contains an authentication bypass vulnerability that allows an unauthenticated attacker to obtain OAuth 2.0 access tokens associated with a public chatflow. By accessing a public chatfloβ¦
8.3
CVE-2026-41271 - Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests tβ¦
7.1
CVE-2026-41272 - Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow attackers to bypass the allβ¦