Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems. By injecting malicious prompt templates, attackers can bypass the intended API documentation constraints and redirect requests to sensitive internal services, potentially leading to internal network reconnaissance and data exfiltration. This vulnerability is fixed in 3.1.0.
Published: 2026-04-23
Score: 8.3 High
EPSS: < 1% Very Low
KEV: No
Impact: SSRF leading to unauthorized internal network access and potential data exfiltration
Action: Immediate Patch
AI Analysis

Impact

A server‑side request forgery flaw exists in Flowise’s API Chain components, allowing attackers to inject malicious prompt templates that coerce the server into making arbitrary HTTP requests. By overriding the intended API documentation constraints, an attacker can target internal or external services, enabling network reconnaissance and data exfiltration. This specific weakness is mapped to CWE‑918.

Affected Systems

The vulnerability affects FlowiseAI’s Flowise application and its flowise‑components package in any version prior to 3.1.0, regardless of deployment environment. The issue is present in both the drag‑and‑drop UI and the underlying REST endpoints used to create and execute API chains.

Risk and Exploitability

With a CVSS score of 8.3 and an EPSS indication of less than 1%, the risk of exploitation is considered moderate in terms of likelihood but high in potential impact. The vulnerability is not listed in the CISA KEV catalog. Attackers, who do not require authentication, can trigger the flaw by sending crafted GET or POST requests to the API Chain endpoints. The SSRF mechanism allows easy redirection to internal system addresses, providing a straightforward path to sensitive network discovery or data leakage.

Generated by OpenCVE AI on April 28, 2026 at 07:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Flowise to version 3.1.0 or later, which contains the vendor‑supplied fix for the SSRF flaw.
  • If an upgrade is not immediately possible, restrict the Flowise server’s outbound traffic using firewall or proxy rules so that it can only contact trusted external services and block internal IP ranges.
  • As an interim countermeasure, disable or limit the API Chain component in the application configuration and validate prompt templates to reject any URLs or suspicious request patterns.

Generated by OpenCVE AI on April 28, 2026 at 07:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-6r77-hqx7-7vw8 Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains
History

Mon, 27 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Flowiseai flowise-components
Vendors & Products Flowiseai flowise-components

Fri, 24 Apr 2026 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Flowiseai
Flowiseai flowise
CPEs cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*
Vendors & Products Flowiseai
Flowiseai flowise
Metrics cvssV3_1

{'score': 8.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L'}

Thu, 23 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 23 Apr 2026 19:45:00 +0000

Type Values Removed Values Added
Description Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems. By injecting malicious prompt templates, attackers can bypass the intended API documentation constraints and redirect requests to sensitive internal services, potentially leading to internal network reconnaissance and data exfiltration. This vulnerability is fixed in 3.1.0.
Title Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains
Weaknesses CWE-918
References
Metrics cvssV3_0

{'score': 7.1, 'vector': 'CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L'}

Subscriptions

Flowiseai Flowise Flowise-components
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-23T19:45:47.548Z

Reserved: 2026-04-18T14:01:46.801Z

Link: CVE-2026-41271

cve-icon Vulnrichment

Updated: 2026-04-23T19:45:34.722Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-23T20:16:15.683

Modified: 2026-04-24T16:37:54.877

Link: CVE-2026-41271

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T07:30:26Z

Weaknesses