CVE-2026-30822

High CVSS: 7.7

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, unauthenticated users can inject arbitrary values into internal database fields when creating leads. This issue has been patched in version 3.0.13.

Vendor

Flowiseai

Product

Flowise

CWE

CWE-915

Yayın Tarihi

2026-03-07 05:16:27

Güncelleme

2026-03-11 13:40:13

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-915 Flowise HIGH Flowiseai 2026

Referanslar

https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.13 https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-mq4r-h2gh-qv7x

Benzer Kayıtlar

High

CVE-2026-31829

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise expose…

High

CVE-2026-30823

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, there…

High

CVE-2026-30824

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the NV…

High

CVE-2026-30820

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, Flowis…

High

CVE-2026-30821

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /a…

Medium

CVE-2025-57164

Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase…