FlowiseAI vendor vulnerability list / CVE Chinese analysis 46

46 CVE vulnerabilities related to the vendor FlowiseAI, with AI-generated Chinese analysis, POC, CVSS scores and affected products.

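FlowiseAI is an open-source visual platform for building LLM applications, designed to simplify workflow orchestration. With 43 CVEs on record, its historically common vulnerabilities include unauthorized access, SQL injection and insecure deserialization, and some severe flaws have even led to remote code execution. Although the platform improves development efficiency, misconfiguration can easily lead to data leaks or system takeover. Users should pay attention to its access-control mechanisms and to dependency updates in order to mitigate potential security threats and keep production environments stable.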

Top products FlowiseAI: Flowise FlowiseChatEmbed
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-8028 | FlowiseAI Flowise Endpoint account.service.ts verify information disclosure | Flowise | CWE-200 | 3.7 | Low | 2026-05-06 |
| CVE-2026-8027 | FlowiseAI Flowise User Controller authorization | Flowise | CWE-639 | 4.3 | Medium | 2026-05-06 |
| CVE-2026-8026 | FlowiseAI Flowise API Response account.service.ts login information disclosure | Flowise | CWE-200 | 3.7 | Low | 2026-05-06 |
| CVE-2026-41274 | Flowise: Cypher Injection in GraphCypherQAChain | Flowise | CWE-943 | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41264 | Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability | Flowise | CWE-184 | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41265 | Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability | Flowise | CWE-77 | 9.6 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41279 | Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials | Flowise | CWE-639 | 8.2 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41278 | Flowise: Public chatflow endpoints return unsanitized flowData including plaintext API keys, passwords, and credential IDs | Flowise | CWE-200 | 7.5 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41276 | Flowise: AccountService resetPassword Authentication Bypass Vulnerability | Flowise | CWE-287 | 7.4 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41277 | Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR) | Flowise | CWE-284 | 8.8 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41275 | Flowise: Password Reset Link Sent Over Unsecured HTTP | Flowise | CWE-319 | 6.8 (AI) | Medium (AI) | 2026-04-23 |
| CVE-2026-41273 | Flowise: Unauthenticated OAuth 2.0 Access Token Disclosure via Public Chatflow | Flowise | CWE-306 | 7.5 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41271 | Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains | Flowise | CWE-918 | 8.6 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41272 | Flowise: SSRF Protection Bypass (TOCTOU & Default Insecure) | Flowise | CWE-918 | 7.1 | High | 2026-04-23 |
| CVE-2026-41270 | Flowise: SSRF Protection Bypass via Unprotected Built-in HTTP Modules in Custom Function Sandbox | Flowise | CWE-284 | 7.1 | High | 2026-04-23 |
| CVE-2026-41269 | Flowise: File Upload Validation Bypass in createAttachment | Flowise | CWE-434 | 7.1 | High | 2026-04-23 |
| CVE-2026-41268 | Flowise: Flowise Parameter Override Bypass Remote Command Execution | Flowise | CWE-20 | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41267 | Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association | Flowise | CWE-639 | 8.1 | High | 2026-04-23 |
| CVE-2026-41266 | Flowise: Sensitive Data Leak in public-chatbotConfig | Flowise | CWE-200 | 9.1 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-41137 | Flowise: Code Injection in CSVAgent leads to Authenticated RCE | Flowise | CWE-94 | 8.8 (AI) | High (AI) | 2026-04-23 |
| CVE-2026-41138 | Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. | Flowise | CWE-94 | 9.8 (AI) | Critical (AI) | 2026-04-23 |
| CVE-2026-40933 | Flowise: Authenticated RCE Via MCP Adapters | Flowise | CWE-78 | 10.0 | Critical | 2026-04-21 |
| CVE-2026-31829 | Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access | Flowise | CWE-918 | 7.1 | High | 2026-03-10 |
| CVE-2026-30824 | Flowise: Missing Authentication on NVIDIA NIM Endpoints | Flowise | CWE-306 | 10.0 | - | 2026-03-07 |
| CVE-2026-30823 | Flowise: IDOR leading to Account Takeover and Enterprise Feature Bypass via SSO Configuration | Flowise | CWE-639 | 8.1 | - | 2026-03-07 |
| CVE-2026-30822 | Flowise: Mass Assignment in `/api/v1/leads` Endpoint | Flowise | CWE-915 | 5.3 | - | 2026-03-07 |
| CVE-2026-30821 | Flowise: Arbitrary File Upload via MIME Spoofing | Flowise | CWE-434 | 9.8 | - | 2026-03-07 |
| CVE-2026-30820 | Flowise Authorization Bypass via Spoofed x-request-from Header | Flowise | CWE-863 | 8.8 | - | 2026-03-07 |
| CVE-2025-34267 | Flowise Authenticated Command Execution and Sandbox Bypass via Puppeteer & Playwright Packages | Flowise | CWE-77 | 9.9 (AI) | Critical (AI) | 2025-10-14 |
| CVE-2025-61913 | Flowise is vulnerable to arbitrary file read, arbitrary file write | Flowise | CWE-22 | 10.0 | Critical | 2025-10-08 |

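This page lists all 46 CVE vulnerabilities publicly disclosed to date for the vendor FlowiseAI. Each entry includes a CVSS score, CWE weakness classification, affected products and reference links, along with an AI-generated Chinese analysis to help assess risk quickly.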