{"data":{"id":"d9a3a228-cafb-40a7-9a5e-244dc1598157","title":"CVE-2026-56273: Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that ","summary":"Flowise versions before 3.1.0 contain a path traversal vulnerability (a flaw where attackers can access files outside the intended directory) in its Faiss and SimpleStore vector store (systems that store and retrieve AI embeddings, which are numerical representations of data) implementations. Attackers who have valid API tokens can exploit unsanitized basePath parameters to write data to any location on the filesystem, potentially leading to code execution or data theft.","solution":"Upgrade to Flowise version 3.1.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-56273","publishedAt":"2026-07-08T14:17:15.800Z","cveId":"CVE-2026-56273","cweIds":["CWE-22"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise","Faiss","SimpleStore"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-08T14:17:15.800Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}