Vulnerabilities in Flowise
8 resultsCVE-2026-56274HIGHFlowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccessEPSS 1.7%CVE-2024-58351CRITICALFlowise - Remote Code Execution via overrideConfig ParameterEPSS 0.6%CVE-2026-56267MEDIUMFlowise - PII Disclosure via Unauthenticated Forgot Password EndpointEPSS 0.3%CVE-2025-71337HIGHFlowise - Unverified Email Change via Account Profile EndpointEPSS 0.3%CVE-2026-56268MEDIUMFlowise - Cross-Workspace Information Disclosure via chatflows/apikey EndpointEPSS 0.3%CVE-2026-56276MEDIUMFlowise - Mass Assignment in PUT /api/v1/user Allows Password Hash OverrideEPSS 0.3%CVE-2025-71331MEDIUMFlowise - Cross-Site Scripting in Chat Messages and Agent WorkflowsEPSS 0.2%CVE-2026-56275MEDIUMFlowise - Server-Side Request Forgery via Execute Flow Base URLEPSS 0.2%