{"data":{"id":"3661703c-5c7c-4dc2-bddd-b9116db46ff4","title":"GHSA-6r77-hqx7-7vw8: Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains","summary":"FlowiseAI versions 2.2.1 and earlier contain a Server-Side Request Forgery (SSRF) vulnerability, where an attacker can inject malicious prompt templates into the API Chain components to trick the system into making HTTP requests to internal or external services it should not be able to reach. Since the system trusts the LLM (large language model) to generate URLs based on API documentation without validating them, attackers can provide fake documentation pointing to sensitive internal services, potentially exposing internal networks and data.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-6r77-hqx7-7vw8","publishedAt":"2026-04-16T21:52:11.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["prompt_injection","rag_poisoning"],"issueType":"vulnerability","affectedPackages":["flowise-components@<= 3.0.13 (fixed: 3.1.0)","flowise@<= 3.0.13 (fixed: 3.1.0)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["FlowiseAI","LangChain"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-04-16T21:52:11.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}