Flowise SSRF Bypass: DNS Rebinding Opens LLM Flows to Attackers
The National Vulnerability Database has disclosed CVE-2026-41272, a high-severity Server-Side Request Forgery (SSRF) vulnerability in Flowise, a drag-and-drop interface for building custom large language model (LLM) flows. Prior to version 3.1.0, Flowise’s core security wrappers, secureAxiosRequest and secureFetch, designed to prevent SSRF, contain critical logic flaws. These issues allow attackers to bypass intended allow/deny lists.
The bypass mechanisms are twofold: attackers can exploit DNS Rebinding (Time-of-Check Time-of-Use) to trick the system into connecting to unauthorized internal resources, or leverage the default configuration, which fails to enforce any deny list at all. This means if your Flowise instance isn’t explicitly configured with a deny list, it’s wide open to SSRF.
This isn’t theoretical; SSRF can lead to internal network reconnaissance, access to metadata services, and even arbitrary code execution in some configurations. For any organization using Flowise, this vulnerability presents a direct path for attackers to pivot from an exposed LLM interface into your internal infrastructure. Patching to version 3.1.0 is non-negotiable.
What This Means For You
- If your organization uses Flowise for LLM flow development, immediately verify your version. If it's prior to 3.1.0, patch to 3.1.0 without delay. Additionally, inspect your Flowise configurations to ensure deny lists are explicitly enforced, even after patching, as a defense-in-depth measure. Attackers will use SSRF to map your internal network and find further vulnerabilities.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
Flowise SSRF Bypass via DNS Rebinding - Free Tier - CVE-2026-41272
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-41272 | SSRF | Flowise software versions prior to 3.1.0 |
| CVE-2026-41272 | SSRF | Bypass of secureAxiosRequest and secureFetch security wrappers |
| CVE-2026-41272 | SSRF | DNS Rebinding (Time-of-Check Time-of-Use) attack vector |
| CVE-2026-41272 | Misconfiguration | Default configuration failing to enforce deny list in Flowise |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 23, 2026 at 23:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related Posts
Breeze Cache Plugin Exploit: Unauthenticated File Upload Hits WordPress
BleepingComputer reports active exploitation of a critical file upload vulnerability in the Breeze Cache WordPress plugin. This flaw allows unauthenticated attackers to upload arbitrary files...
Critical RCE Flaw in radare2-mcp: Command Injection via JSON-RPC
CVE-2026-6942 — radare2-mcp version 1.6.0 and earlier contains an os command injection vulnerability that allows remote attackers to execute arbitrary commands by bypassing the command...
CVE-2026-6941 — Its Project Notes Handling That Path Traversal
CVE-2026-6941 — radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside...