Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /api/v1/attachments/:chatflowId/:chatId endpoint is listed in WHITELIST_URLS, allowing unauthenticated access to the file upload API. While the server validates uploads based on the MIME types defined in chatbotConfig.fullFileUpload.allowedUploadFileTypes, it implicitly trusts the client-provided Content-Type header (file.mimetype) without verifying the file's actual content (magic bytes) or extension (file.originalname). Consequently, an attacker can bypass this restriction by spoofing the Content-Type as a permitted type (e.g., application/pdf) while uploading malicious scripts or arbitrary files. Once uploaded via addArrayFilesToStorage, these files persist in backend storage (S3, GCS, or local disk). This vulnerability serves as a critical entry point that, when chained with other features like static hosting or file retrieval, can lead to Stored XSS, malicious file hosting, or Remote Code Execution (RCE). This issue has been patched in version 3.0.13.
Published: 2026-03-07
Score: 8.2 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary File Upload that can lead to Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

Flowise is a drag‑and‑drop interface for building language‑model flows. In versions prior to 3.0.13 the file‑upload endpoint /api/v1/attachments/:chatflowId/:chatId is listed in a whitelist and thus permits unauthenticated uploads. The server checks only the client‑supplied Content‑Type against its configured list of allowed MIME types; it inspects neither the file’s magic bytes nor its extension. By spoofing a permitted MIME type such as application/pdf, an attacker can upload malicious scripts or arbitrary files. The files are then stored in backend storage (S3, GCS, or local disk) and may later be retrieved or served, providing an entry point for stored XSS, malicious file hosting, or Remote Code Execution.

Affected Systems

The vulnerability affects FlowiseAI’s Flowise product, specifically all instances running a version older than 3.0.13. The attack surface is the upload endpoint exposed for building chat‑flow attachments; no other vendors or product variants are implicated by the available data.

Risk and Exploitability

The CVSS score of 8.2 places this issue in the High severity band. The current EPSS score of less than 1% indicates that active exploitation is unlikely at present, although unpatched instances remain exposed. The flaw is not listed in the CISA KEV catalog, meaning no publicly known exploited instances have been reported. Attackers can reach the endpoint from any remote location that can communicate with the Flowise server, and because the validation relies on the client‑supplied Content‑Type header, it is straightforward to bypass unless mitigated.

Generated by OpenCVE AI on April 16, 2026 at 11:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Flowise to version 3.0.13 or later, which removes unauthenticated access to the upload endpoint
  • Restrict the /api/v1/attachments endpoint to authenticated users only, forbidding public uploads
  • Implement server‑side validation that checks the file’s magic bytes and extension in addition to the MIME type; reject files that do not match the permitted patterns
  • If an upgrade is not immediately feasible, disable the static hosting of uploaded files or move the upload service behind a stricter firewall until mitigation can be applied
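
The magic-byte and extension check recommended above, sketched as an added example; it is not Flowise's code and not the 3.0.13 patch. The `originalname` and `mimetype` fields are the ones named in the description, while `buffer`, `validateUpload`, `SIGNATURES` and the sample uploads are assumptions constructed here.

```javascript
// Hypothetical validator: binds each permitted MIME type to the extensions
// and leading bytes a genuine file of that type must have.
const SIGNATURES = new Map([
  ['application/pdf', { exts: ['pdf'], magic: [Buffer.from('%PDF-', 'latin1')] }],
  ['image/png', { exts: ['png'], magic: [Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a])] }],
  ['image/jpeg', { exts: ['jpg', 'jpeg'], magic: [Buffer.from([0xff, 0xd8, 0xff])] }],
]);

function extensionOf(name) {
  // Drop directory components, then take the text after the final dot.
  const base = String(name).split(/[\\/]/).pop();
  const dot = base.lastIndexOf('.');
  return dot > 0 ? base.slice(dot + 1).toLowerCase() : '';
}

function validateUpload(file, allowedMimeTypes) {
  // 1. The declared type must be on the configured allowlist.
  const declared = String(file.mimetype || '').split(';')[0].trim().toLowerCase();
  if (!allowedMimeTypes.includes(declared)) return { ok: false, reason: 'mime-not-allowed' };

  // 2. Fail closed: a type with no content rule cannot be verified, so reject it.
  const rule = SIGNATURES.get(declared);
  if (!rule) return { ok: false, reason: 'no-signature-rule' };

  // 3. The file name must carry an extension that belongs to the declared type.
  if (!rule.exts.includes(extensionOf(file.originalname))) {
    return { ok: false, reason: 'extension-mismatch' };
  }

  // 4. The leading bytes must match a known signature for the declared type.
  const head = Buffer.isBuffer(file.buffer) ? file.buffer : Buffer.alloc(0);
  const matches = rule.magic.some(
    (sig) => head.length >= sig.length && head.subarray(0, sig.length).equals(sig)
  );
  return matches ? { ok: true, reason: 'ok' } : { ok: false, reason: 'content-mismatch' };
}

// Constructed sample uploads (not captured traffic).
const ALLOWED = ['application/pdf', 'image/png', 'text/plain'];
const genuinePdf = { originalname: 'report.pdf', mimetype: 'application/pdf', buffer: Buffer.from('%PDF-1.7\n') };
const spoofedBody = { originalname: 'report.pdf', mimetype: 'application/pdf', buffer: Buffer.from('not a PDF body') };
const spoofedName = { originalname: 'page.html', mimetype: 'application/pdf', buffer: Buffer.from('%PDF-1.7\n') };

for (const f of [genuinePdf, spoofedBody, spoofedName]) {
  console.log(f.originalname, f.mimetype, validateUpload(f, ALLOWED));
}
```

A matching signature only proves what the first bytes are, so stored files should still be served with a fixed Content-Type and not from an origin that executes or renders them.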

Advisories
Source: Github GHSA
ID: GHSA-j8g8-j7fc-43v6
Title: Flowise has Arbitrary File Upload via MIME Spoofing
History

Wed, 11 Mar 2026 14:00:00 +0000

Type | Values Removed | Values Added
CPEs | - | cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*
Metrics | - | cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Mon, 09 Mar 2026 21:15:00 +0000

Type | Values Removed | Values Added
Metrics | - | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | - | Flowiseai; Flowiseai flowise
Vendors & Products | - | Flowiseai; Flowiseai flowise

Sat, 07 Mar 2026 05:15:00 +0000

Type | Values Removed | Values Added
Description | - | (same text as the Description at the top of this record)
Title | - | Flowise: Arbitrary File Upload via MIME Spoofing
Weaknesses | - | CWE-434
References | - |
Metrics | - | cvssV4_0 {'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-09T20:44:24.875Z

Reserved: 2026-03-05T21:06:44.605Z

Link: CVE-2026-30821

Vulnrichment

Updated: 2026-03-09T20:35:42.568Z

NVD

Status: Analyzed

Published: 2026-03-07T05:16:26.907

Modified: 2026-03-11T13:45:38.230

Link: CVE-2026-30821

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-16T11:15:27Z

Weaknesses