{"data":{"id":"9e77eaca-1304-493f-ba38-cedd8b70aec7","title":"CVE-2026-41271: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side R","summary":"Flowise, a tool with a drag-and-drop interface for building AI workflows, had a Server-Side Request Forgery (SSRF) vulnerability in versions before 3.1.0. SSRF is a flaw where an attacker tricks a server into making requests to unintended locations; here, unauthenticated attackers could force the server to send requests to internal or external systems by injecting malicious instructions into prompt templates. This could allow attackers to explore internal networks and steal data.","solution":"Update to version 3.1.0 or later, where the vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-41271","publishedAt":"2026-04-23T20:16:15.683Z","cveId":"CVE-2026-41271","cweIds":["CWE-918"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise","FlowiseAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-23T20:16:15.683Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}