CVE-2026-31829: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise expose
highvulnerabilityLLM-Specific
security
Summary
Flowise, a tool for building custom AI workflows with a drag-and-drop interface, had a vulnerability before version 3.0.13 where its HTTP Node allowed attackers to perform SSRF (server-side request forgery, forcing a server to make requests to internal resources it shouldn't access) by sending requests to private networks or internal systems that are normally hidden from the public internet. This vulnerability is fixed in 3.0.13.
Solution / Mitigation
Update Flowise to version 3.0.13 or later.
Vulnerability Details
CVSS Score
7.1(high)
EPSS (30-day exploit probability)
EPSS: 0.0%
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Attack Vector
network
Attack Complexity
high
Privileges Required
low
User Interaction
none
Disclosure Date
March 10, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
LangChain
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-31829
First tracked: March 10, 2026 at 08:07 PM
Classified by LLM (prompt v3) · confidence: 92%