CVE-2026-30821

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /api/v1/attachments/:chatflowId/:chatId endpoint is listed in WHITELIST_URLS, allowing unauthenticated access to the file upload API. While the server validates uploads based on the MIME types defined in chatbotConfig.fullFileUpload.allowedUploadFileTypes, it implicitly trusts the client-provided Content-Type header (file.mimetype) without verifying the file's actual content (magic bytes) or extension (file.originalname). Consequently, an attacker can bypass this restriction by spoofing the Content-Type as a permitted type (e.g., application/pdf) while uploading malicious scripts or arbitrary files. Once uploaded via addArrayFilesToStorage, these files persist in backend storage (S3, GCS, or local disk). This vulnerability serves as a critical entry point that, when chained with other features like static hosting or file retrieval, can lead to Stored XSS, malicious file hosting, or Remote Code Execution (RCE). This issue has been patched in version 3.0.13.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.13	Product Release Notes
https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-j8g8-j7fc-43v6	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*

History

11 Mar 2026, 13:45

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Flowiseai Flowiseai flowise
CPE		cpe:2.3:a:flowiseai:flowise::::::::
Summary		(es) Flowise es una interfaz de usuario de arrastrar y soltar para construir un flujo de modelo de lenguaje grande personalizado. Antes de la versión 3.0.13, el endpoint /api/v1/attachments/:chatflowId/:chatId está listado en WHITELIST_URLS, permitiendo acceso no autenticado a la API de carga de archivos. Aunque el servidor valida las cargas basándose en los tipos MIME definidos en chatbotConfig.fullFileUpload.allowedUploadFileTypes, confía implícitamente en el encabezado Content-Type proporcionado por el cliente (file.mimetype) sin verificar el contenido real del archivo (bytes mágicos) o la extensión (file.originalname). En consecuencia, un atacante puede eludir esta restricción falsificando el Content-Type como un tipo permitido (p. ej., application/pdf) mientras carga scripts maliciosos o archivos arbitrarios. Una vez cargados a través de addArrayFilesToStorage, estos archivos persisten en el almacenamiento de backend (S3, GCS o disco local). Esta vulnerabilidad sirve como un punto de entrada crítico que, cuando se encadena con otras características como el alojamiento estático o la recuperación de archivos, puede conducir a XSS Almacenado, alojamiento de archivos maliciosos o Ejecución Remota de Código (RCE). Este problema ha sido parcheado en la versión 3.0.13.
References	~~() https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.13 -~~	() https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.0.13 - Product, Release Notes
References	~~() https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-j8g8-j7fc-43v6 -~~	() https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-j8g8-j7fc-43v6 - Exploit, Vendor Advisory

07 Mar 2026, 05:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-07 05:16

Updated : 2026-03-11 13:45

NVD link : CVE-2026-30821

Mitre link : CVE-2026-30821

CVE.ORG link : CVE-2026-30821

JSON object : View

Products Affected

flowiseai

flowise

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

9.8 /10