Flowise SSRF Vulnerability Exposes Internal Systems


The National Vulnerability Database has published details of a Server-Side Request Forgery (SSRF) vulnerability, CVE-2026-41271, affecting FlowiseAI versions prior to 3.1.0. The flaw resides in the POST/GET API Chain components and lets unauthenticated attackers make the Flowise server issue arbitrary HTTP requests. The advisory describes the attack as injecting malicious prompt templates that bypass the intended API constraints so that the resulting request targets sensitive internal services. This opens the door to reconnaissance and potential data exfiltration inside an organization's network.

The National Vulnerability Database rates the vulnerability HIGH with a CVSS score of 7.1 and records that it is fixed in FlowiseAI version 3.1.0. The attack vector is network-based, the required privileges are low, and the attack complexity is high, but successful exploitation has significant confidentiality and integrity impacts. Defenders should prioritize upgrading FlowiseAI instances to the patched version.

What This Means For You

  • If your organization uses FlowiseAI, upgrade to version 3.1.0 or later immediately. This SSRF vulnerability allows unauthenticated attackers to probe your internal network and potentially exfiltrate data by forcing the Flowise server to make requests to internal services. Audit your Flowise instances, and the outbound traffic from the hosts they run on, for requests to internal addresses that no configured API chain should be reaching.

Related ATT&CK Techniques

  • T1190 (Exploit Public-Facing Application), Initial Access, severity high: CVE-2026-41271, Flowise SSRF via API Chain Components

Indicators of Compromise

ID              Type           Indicator
CVE-2026-41271  Vulnerability  CVE-2026-41271

Source & Attribution

Source platform: NVD
Channel: National Vulnerability Database
Published: April 23, 2026 at 23:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
