CVE-2026-56275

MEDIUM EPSS 8.1%

Published Jun 23, 20261w ago · Modified Jun 23, 20261w ago

6.0 CVSS 4.0

Medium

Published Jun 23, 2026 1w ago

Last Modified Jun 23, 2026 1w ago

Description

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud metadata, and enumerate internal services by exploiting the missing secureFetch verification in httpSecurity.ts.

CVSS Details

Base Score

6.0

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity High

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

8.1% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-918 Server-Side Request Forgery (SSRF) Validation

References 2

github.com https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-9hrv-gvrv-6gf2
vulncheck.com https://www.vulncheck.com/advisories/flowise-server-side-request-forgery-via-execute-flow-base-url

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.