← volver
CVE-2026-56273

Flowise - Path Traversal in Vector Store basePath Parameter

CVSS 4.9 MEDIUMEPSS 0.3%CWE-22
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.9EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
08 jul 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially enabling code execution or data exfiltration.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N
Productos afectados
Flowise · Flowise