{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41271", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-18T14:01:46.801Z", "datePublished": "2026-04-23T19:17:40.345Z", "dateUpdated": "2026-04-23T19:45:47.548Z"}, "containers": {"cna": {"title": "Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.0"}}], "references": [{"name": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6r77-hqx7-7vw8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6r77-hqx7-7vw8"}], "affected": [{"vendor": "FlowiseAI", "product": "Flowise", "versions": [{"version": "< 3.1.0", "status": "affected"}]}, {"vendor": "FlowiseAI", "product": "flowise-components", "versions": [{"version": "< 3.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-23T19:17:40.345Z"}, "descriptions": [{"lang": "en", "value": "Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems. By injecting malicious prompt templates, attackers can bypass the intended API documentation constraints and redirect requests to sensitive internal services, potentially leading to internal network reconnaissance and data exfiltration. This vulnerability is fixed in 3.1.0."}], "source": {"advisory": "GHSA-6r77-hqx7-7vw8", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6r77-hqx7-7vw8", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-23T19:45:41.723100Z", "id": "CVE-2026-41271", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T19:45:47.548Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41271", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-18T14:01:46.801Z", "datePublished": "2026-04-23T19:17:40.345Z", "dateUpdated": "2026-04-23T19:45:47.548Z"}, "containers": {"cna": {"title": "Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.0"}}], "references": [{"name": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6r77-hqx7-7vw8", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6r77-hqx7-7vw8"}], "affected": [{"vendor": "FlowiseAI", "product": "Flowise", "versions": [{"version": "< 3.1.0", "status": "affected"}]}, {"vendor": "FlowiseAI", "product": "flowise-components", "versions": [{"version": "< 3.1.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-23T19:17:40.345Z"}, "descriptions": [{"lang": "en", "value": "Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems. By injecting malicious prompt templates, attackers can bypass the intended API documentation constraints and redirect requests to sensitive internal services, potentially leading to internal network reconnaissance and data exfiltration. This vulnerability is fixed in 3.1.0."}], "source": {"advisory": "GHSA-6r77-hqx7-7vw8", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41271", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-23T19:45:41.723100Z"}}}], "references": [{"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6r77-hqx7-7vw8", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T19:45:34.722Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB30DB8F-4F72-4FD3-90FB-8331F1CBB78E", "versionEndExcluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems. By injecting malicious prompt templates, attackers can bypass the intended API documentation constraints and redirect requests to sensitive internal services, potentially leading to internal network reconnaissance and data exfiltration. This vulnerability is fixed in 3.1.0."}], "id": "CVE-2026-41271", "lastModified": "2026-04-24T16:37:54.877", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.5, "source": "security-advisories@github.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-23T20:16:15.683", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6r77-hqx7-7vw8"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6r77-hqx7-7vw8"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.1.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Flowise", "source": "cna", "vendor": "FlowiseAI"}, "product": "flowise", "vendor": "flowiseai"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.1.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "flowise-components", "source": "cna", "vendor": "FlowiseAI"}, "product": "flowise-components", "vendor": "flowiseai"}], "analysis": {"en": {"generated_at": "2026-04-28T07:27:48.711634+00:00", "value": {"mitigation_remediation": ["Update Flowise to version 3.1.0 or later, which contains the vendor\u2011supplied fix for the SSRF flaw.", "If an upgrade is not immediately possible, restrict the Flowise server\u2019s outbound traffic using firewall or proxy rules so that it can only contact trusted external services and block internal IP ranges.", "As an interim countermeasure, disable or limit the API Chain component in the application configuration and validate prompt templates to reject any URLs or suspicious request patterns."], "summary": {"action": "Immediate Patch", "impact": "SSRF leading to unauthorized internal network access and potential data exfiltration"}, "threat_synthesis": {"affected_systems": "The vulnerability affects FlowiseAI\u2019s Flowise application and its flowise\u2011components package in any version prior to 3.1.0, regardless of deployment environment. The issue is present in both the drag\u2011and\u2011drop UI and the underlying REST endpoints used to create and execute API chains.", "description_and_impact": "A server\u2011side request forgery flaw exists in Flowise\u2019s API Chain components, allowing attackers to inject malicious prompt templates that coerce the server into making arbitrary HTTP requests. By overriding the intended API documentation constraints, an attacker can target internal or external services, enabling network reconnaissance and data exfiltration. This specific weakness is mapped to CWE\u2011918.", "risk_and_exploitability": "With a CVSS score of 8.3 and an EPSS indication of less than 1%, the risk of exploitation is considered moderate in terms of likelihood but high in potential impact. The vulnerability is not listed in the CISA KEV catalog. Attackers, who do not require authentication, can trigger the flaw by sending crafted GET or POST requests to the API Chain endpoints. The SSRF mechanism allows easy redirection to internal system addresses, providing a straightforward path to sensitive network discovery or data leakage."}}}}, "created": "2026-04-27T19:52:58.720232+00:00", "updated": "2026-04-28T07:30:26.342851+00:00", "vendors": ["flowiseai", "flowiseai$PRODUCT$flowise", "flowiseai$PRODUCT$flowise-components"]}