Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially enabling code execution or data exfiltration.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 08 Jul 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially enabling code execution or data exfiltration. | |
| Title | Flowise - Path Traversal in Vector Store basePath Parameter | |
| First Time appeared |
Flowiseai
Flowiseai flowise |
|
| Weaknesses | CWE-22 | |
| CPEs | cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Flowiseai
Flowiseai flowise |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-08T13:48:58.446Z
Reserved: 2026-06-20T01:47:54.000Z
Link: CVE-2026-56273
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses