Description
Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a path-traversal value (e.g., '../../../../../tmp') as the chatflow id, an unauthenticated attacker can use the /api/v1/chatflows endpoint (via addBase64FilesToStorage) to write arbitrary files, and the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints (via streamStorageFile) to read arbitrary files. Arbitrary file write may lead to remote code execution.
Published: 2026-06-25
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Flowise versions prior to 3.0.6 (including 2.2.8 and earlier) suffer an arbitrary file access flaw. The application fails to verify that the chatflowId and chatId parameters are UUIDs or numeric identifiers during file operations. By supplying a path‑traversal string such as '../../../../../tmp' as the chatflow ID, an unauthenticated attacker can exploit the /api/v1/chatflows endpoint, via the addBase64FilesToStorage function, to write files of their choosing, and can read arbitrary files through the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints, whose streamStorageFile function also ignores the validation. Writing files may enable remote code execution on the host system.

Affected Systems

Affected vendors and products include Flowise, with the Flowise application in versions 2.2.8 and earlier containing the flaw. No other vendors are currently listed.

Risk and Exploitability

The CVSS score for this CVE is 9.3, indicating a critical severity. EPSS data are unavailable, and the vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be network‑based through exposed HTTP API endpoints, and the flaw can be exercised without authentication by directly invoking the vulnerable endpoints. Because the application does not validate the path supplied in the chatflow ID, the vulnerability is easily exploitable, especially for attackers who can transmit requests to a public Flowise deployment.

Generated by OpenCVE AI on June 25, 2026 at 23:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Flowise to version 3.0.6 or later, which includes validation of chatflowId and chatId and removes the path‑traversal vulnerability.
  • Block access to the /api/v1/chatflows, /api/v1/get-upload-file, and /api/v1/openai-assistants-file/download endpoints from untrusted networks or require authentication if unavailable.
  • Restrict file system permissions for the Flowise application user to prevent it from writing to protected directories and ensure that any uploaded files are stored outside the web root or in a dedicated, safe storage location.

Generated by OpenCVE AI on June 25, 2026 at 23:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 11:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 25 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Description Flowise before 3.0.6 (affected versions 2.2.8 and earlier) contains an arbitrary file access vulnerability due to missing validation that the chatflowId and chatId parameters are UUIDs or numbers in file handling operations. By supplying a path-traversal value (e.g., '../../../../../tmp') as the chatflow id, an unauthenticated attacker can use the /api/v1/chatflows endpoint (via addBase64FilesToStorage) to write arbitrary files, and the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints (via streamStorageFile) to read arbitrary files. Arbitrary file write may lead to remote code execution.
Title Flowise - Arbitrary File Access via Missing Chat Flow ID Validation
First Time appeared Flowiseai
Flowiseai flowise
Weaknesses CWE-73
CPEs cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*
Vendors & Products Flowiseai
Flowiseai flowise
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Flowiseai Flowise
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-26T10:39:31.494Z

Reserved: 2026-06-20T01:48:36.755Z

Link: CVE-2025-71334

cve-icon Vulnrichment

Updated: 2026-06-26T10:39:03.401Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T05:45:04Z

Weaknesses
  • CWE-73

    External Control of File Name or Path