Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTP_DENY_LIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandbox without equivalent protection. This allows authenticated users to bypass SSRF controls and access internal network resources (e.g., cloud provider metadata services) This vulnerability is fixed in 3.1.0.
Published: 2026-04-23
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: SSRF Allowing Internal Network Access
Action: Patch
AI Analysis

Impact

A flaw in Flowise’s Custom Function feature lets authenticated users bypass the application’s SSRF controls because the built‑in Node.js http, https, and net modules are run inside the sandbox without equivalent protection. This bypass permits requests to internal network services, such as cloud metadata endpoints, which can expose credentials or other sensitive information. The vulnerability is characterized by CWE‑284 (improper access control) and CWE‑918 (server‑side request forgery).

Affected Systems

FlowiseAI’s Flowise UI and flowise‑components products, any deployment using Flowise prior to version 3.1.0. No specific sub‑version list is provided, so any release earlier than 3.1.0 is potentially affected.

Risk and Exploitability

The CVSS score is 7.1, indicating moderate‑to‑high severity. The EPSS score of less than 1 % suggests a very low probability of public exploitation at this time, and the vulnerability is not listed in the CISA KEV catalogue. Because the exploit requires authenticated access to Flowise, the attack surface is limited to users who can create or invoke Custom Functions; however, once authenticated, an attacker could target internal network resources. No known public exploits are reported.

Generated by OpenCVE AI on April 28, 2026 at 07:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Flowise version 3.1.0 or later, which contains the patch for the SSRF bypass.
  • If an immediate upgrade is not possible, disable or remove the Custom Function feature to eliminate the vulnerable functionality.
  • Reconfigure the Custom Function sandbox to reject all unprotected Node.js http, https, and net module calls or implement equivalent SSRF filtering for these modules.

Generated by OpenCVE AI on April 28, 2026 at 07:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-xhmj-rg95-44hv Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox
History

Mon, 27 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Flowiseai flowise-components
Vendors & Products Flowiseai flowise-components

Sat, 25 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 24 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Flowiseai
Flowiseai flowise
CPEs cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*
Vendors & Products Flowiseai
Flowiseai flowise

Thu, 23 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
Description Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Function feature. While the application implements SSRF protection via HTTP_DENY_LIST for axios and node-fetch libraries, the built-in Node.js http, https, and net modules are allowed in the NodeVM sandbox without equivalent protection. This allows authenticated users to bypass SSRF controls and access internal network resources (e.g., cloud provider metadata services) This vulnerability is fixed in 3.1.0.
Title Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox
Weaknesses CWE-284
CWE-918
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L'}

Subscriptions

Flowiseai Flowise Flowise-components
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-25T01:28:07.450Z

Reserved: 2026-04-18T14:01:46.801Z

Link: CVE-2026-41270

cve-icon Vulnrichment

Updated: 2026-04-25T01:28:03.165Z

cve-icon NVD

Status : Modified

Published: 2026-04-23T20:16:15.547

Modified: 2026-04-25T02:16:02.593

Link: CVE-2026-41270

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T07:30:26Z

Weaknesses