CVE-2025-26319

Critical

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

mitre·CWE-434·Published 2025-03-04

CVSS

9.8

EPSS

0.51

KEV

Exploits

cve.orgen

113 chars

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

NVDen

113 chars

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

OSV.deven

113 chars

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

GHSAen

113 chars

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

NVDes

126 chars

Se descubrió que FlowiseAI Flowise v2.2.6 contenía una vulnerabilidad de carga de archivos arbitrarios en /api/v1/attachments.

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H