CVE-2026-56273: Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that
Summary
Flowise versions before 3.1.0 contain a path traversal vulnerability (a flaw where attackers can access files outside the intended directory) in its Faiss and SimpleStore vector store (systems that store and retrieve AI embeddings, which are numerical representations of data) implementations. Attackers who have valid API tokens can exploit unsanitized basePath parameters to write data to any location on the filesystem, potentially leading to code execution or data theft.
Solution / Mitigation
Upgrade to Flowise version 3.1.0 or later.
Vulnerability Details
6.5(medium)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
network
low
low
none
July 8, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-56273
First tracked: July 8, 2026 at 02:07 PM
Classified by LLM (prompt v3) · confidence: 85%