Launch Week Day 1: Announcing Security Design Review

FlowiseAI Flowise arbitrary file upload vulnerability

GHSA-69jq-qr7w-j7qh · CVE-2025-26319

Published Mar 5, 2025 · Modified Mar 5, 2025

Description

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes