CVE-2026-43995 - Vulnerability Details

- Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)

Description

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients (node-fetch, axios) instead of using the secured wrapper. These tools include (1) OpenAPIToolkit/OpenAPIToolkit.ts, (2) WebScraperTool/WebScraperTool.ts, (3) MCP/core.ts, and (4) Arxiv/core.ts. This vulnerability is fixed in 3.1.0.

Published: 2026-05-11

Score: 5.3 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw exists in Flowise versions prior to 3.1.0 where several tools—OpenAPIToolkit, WebScraperTool, MCP, and Arxiv—directly import and call raw HTTP clients such as node‑fetch and axios instead of the framework’s protected wrapper. This coding pattern permits the application to send HTTP requests to arbitrary URLs, consequently bypassing the built‑in SSRF safeguards. The weakness is classified as CWE‑918, and the CVSS base score of 5.3 indicates a moderate risk if the conditions for exploitation are met.

Affected Systems

Flowise AI Flowise installations running any version earlier than 3.1.0 are vulnerable. The components that execute the direct HTTP calls are the OpenAPIToolkit, WebScraperTool, MCP, and Arxiv modules.

Risk and Exploitability

Because the vulnerability requires the application to process URLs that can be supplied by a user of the affected tools, an attacker who can influence those inputs may trigger outbound traffic to arbitrary endpoints. The EPSS score is not available and the vulnerability is not listed in the CISA KEV catalog, which suggests that no widespread exploitation has been observed. The CVSS score of 5.3 reflects that, while not trivial, it is not considered a high‑severity flaw.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

FlowiseAI

Flowise

affected

Version	Status	Constraints
`< 3.1.0`	affected	—

No data.

Vendor Product Confidence Versions

Flowiseai

Flowise

100%

Version	Status	Scheme	Platform
`[0,3.1.0)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update Flowise to version 3.1.0 or later, which replaces the direct HTTP client calls with the protected wrapper.
If an immediate update is not possible, limit or disable the OpenAPIToolkit, WebScraperTool, MCP, and Arxiv tools in the Flowise configuration to prevent their use.
Implement network controls such as URL whitelisting or DNS filtering so that only approved external requests are allowed.

Generated by OpenCVE AI on May 11, 2026 at 19:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-qqvm-66q4-vf5c	Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00038.

Exploitation poc

Automatable no

Technical Impact partial

References

Link	Providers
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-qqvm-66q4-vf5c

History

Mon, 11 May 2026 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Flowiseai Flowiseai flowise
Vendors & Products		Flowiseai Flowiseai flowise

Mon, 11 May 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 11 May 2026 18:00:00 +0000

Type	Values Removed	Values Added
Description		Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients (node-fetch, axios) instead of using the secured wrapper. These tools include (1) OpenAPIToolkit/OpenAPIToolkit.ts, (2) WebScraperTool/WebScraperTool.ts, (3) MCP/core.ts, and (4) Arxiv/core.ts. This vulnerability is fixed in 3.1.0.
Title		Flowise: SSRF Protection Bypass via Direct node-fetch / axios Usage (Patch Enforcement Failure)
Weaknesses		CWE-918
References		https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-qqvm-66q4-vf5c
Metrics		cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N'}`

Subscriptions

Flowiseai Flowise

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-05-11T17:49:42.189Z

Updated: 2026-05-11T18:21:09.537Z

Reserved: 2026-05-04T20:24:31.917Z

Link: CVE-2026-43995

Vulnrichment

Updated: 2026-05-11T18:19:06.939Z

NVD

Status : Received

Published: 2026-05-11T18:16:37.660

Modified: 2026-05-11T19:16:25.540

Link: CVE-2026-43995

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T20:00:15Z

Weaknesses

CWE-918

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object