CVE-2026-43995: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool i
Summary
Flowise, a tool for building customized AI workflows through a visual interface, has a vulnerability in versions before 3.1.0: four specific tools use raw HTTP clients (libraries for making web requests) directly instead of going through a secured wrapper, which bypasses the security protections. An attacker with login credentials could use this to make the server issue unauthorized requests (SSRF, or server-side request forgery).
Solution / Mitigation
Update Flowise to version 3.1.0 or later, where this vulnerability is fixed.
Vulnerability Details
EPSS: 0.0%
May 11, 2026
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-43995
First tracked: May 12, 2026 at 02:12 AM
Classified by LLM (prompt v3) · confidence: 85%