This is a summary of the AI-generated 10-question deep analysis.
Q1. What is this vulnerability? (Essence + Consequences)
**Essence**: Flowise AI v2.2.6 has an **Arbitrary File Upload** flaw. **Consequences**: Attackers can overwrite critical config files (such as `api.json`) or upload webshells…
**Root Cause**: The `/api/v1/attachments` route is **whitelisted** (no authentication required). **Flaw**: It fails to sanitize the `chatId` parameter, allowing **Path Traversal** (`../../../`)…
**Affected**: **Flowise AI** versions **2.2.6 and below**. **Component**: Specifically when `storageType` is set to **local** (the default setting).
**Public Exploit?**: **YES**. **PoCs**: Multiple Python scripts available on GitHub (e.g., `flowise_exploit.py`). **Wild Exploitation**: Active exploitation tools exist for uploading shells or configs.
Q7. How to self-check? (Features/Scanning)
**Self-Check**: 1. Scan for Flowise instances on port **3000**. 2. Check whether `/api/v1/attachments` is accessible without authentication. 3. Use Nuclei templates (`CVE-2025-26319.yaml`) for automated detection.
Q8. Is it fixed officially? (Patch/Mitigation)
**Fix**: Update to a **patched version** > 2.2.6. **Mitigation**: If updating is not possible, disable the `/api/v1/attachments` endpoint or enforce **Authentication** on all API routes.
Q9. What if no patch? (Workaround)
**No Patch?**: 1. **Block** external access to port 3000 via firewall. 2. Change `storageType` to **S3/Cloud** if supported (avoids local path traversal). 3. Restrict file upload permissions in the OS.