CVE-2026-31829 (GCVE-0-2026-31829)
Vulnerability from cvelistv5 – Published: 2026-03-10 21:43 – Updated: 2026-03-11 15:19
VLAI
Title
Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access
Summary
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges (RFC 1918), localhost, or cloud metadata endpoints. This enables Server-Side Request Forgery (SSRF), allowing any user interacting with a publicly exposed chatflow to force the Flowise server to make requests to internal network resources that are inaccessible from the public internet. This vulnerability is fixed in 3.0.13.
Severity
7.1 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/FlowiseAI/Flowise/security/adv… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31829",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T14:15:56.425316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:19:28.567Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Flowise",
"vendor": "FlowiseAI",
"versions": [
{
"status": "affected",
"version": "\u003c 3.0.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flowise is a drag \u0026 drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges (RFC 1918), localhost, or cloud metadata endpoints. This enables Server-Side Request Forgery (SSRF), allowing any user interacting with a publicly exposed chatflow to force the Flowise server to make requests to internal network resources that are inaccessible from the public internet. This vulnerability is fixed in 3.0.13."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918: Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T21:43:58.549Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-fvcw-9w9r-pxc7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-fvcw-9w9r-pxc7"
}
],
"source": {
"advisory": "GHSA-fvcw-9w9r-pxc7",
"discovery": "UNKNOWN"
},
"title": "Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31829",
"datePublished": "2026-03-10T21:43:58.549Z",
"dateReserved": "2026-03-09T17:41:56.077Z",
"dateUpdated": "2026-03-11T15:19:28.567Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-31829",
"date": "2026-06-01",
"epss": "0.00103",
"percentile": "0.27816"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-31829\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-03-10T22:16:20.937\",\"lastModified\":\"2026-03-11T14:24:01.977\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Flowise is a drag \u0026 drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges (RFC 1918), localhost, or cloud metadata endpoints. This enables Server-Side Request Forgery (SSRF), allowing any user interacting with a publicly exposed chatflow to force the Flowise server to make requests to internal network resources that are inaccessible from the public internet. This vulnerability is fixed in 3.0.13.\"},{\"lang\":\"es\",\"value\":\"Flowise es una interfaz de usuario de arrastrar y soltar para construir un flujo de modelo de lenguaje grande personalizado. Antes de la versi\u00f3n 3.0.13, Flowise expone un Nodo HTTP en AgentFlow y Chatflow que realiza peticiones HTTP del lado del servidor utilizando URLs controladas por el usuario. Por defecto, no hay restricciones en los hosts de destino, incluyendo rangos de IP privados/internos (RFC 1918), localhost, o puntos finales de metadatos en la nube. Esto permite la Falsificaci\u00f3n de Petici\u00f3n del Lado del Servidor (SSRF), permitiendo a cualquier usuario que interact\u00faa con un chatflow expuesto p\u00fablicamente forzar al servidor Flowise a realizar peticiones a recursos de red internos que son inaccesibles desde la internet p\u00fablica. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 3.0.13.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.6,\"impactScore\":5.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.0.13\",\"matchCriteriaId\":\"8C6D6D18-106F-49FE-B523-B5DCAADFB40F\"}]}]}],\"references\":[{\"url\":\"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-fvcw-9w9r-pxc7\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Mitigation\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"title\": \"Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access\", \"source\": {\"advisory\": \"GHSA-fvcw-9w9r-pxc7\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"FlowiseAI\", \"product\": \"Flowise\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c 3.0.13\"}]}], \"references\": [{\"url\": \"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-fvcw-9w9r-pxc7\", \"name\": \"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-fvcw-9w9r-pxc7\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Flowise is a drag \u0026 drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges (RFC 1918), localhost, or cloud metadata endpoints. This enables Server-Side Request Forgery (SSRF), allowing any user interacting with a publicly exposed chatflow to force the Flowise server to make requests to internal network resources that are inaccessible from the public internet. This vulnerability is fixed in 3.0.13.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-918\", \"description\": \"CWE-918: Server-Side Request Forgery (SSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2026-03-10T21:43:58.549Z\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-31829\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-11T14:15:56.425316Z\"}}}], \"providerMetadata\": {\"shortName\": \"CISA-ADP\", \"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"dateUpdated\": \"2026-03-11T14:16:03.209Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2026-31829\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-10T21:43:58.549Z\", \"dateReserved\": \"2026-03-09T17:41:56.077Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2026-03-10T21:43:58.549Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-31829
Vulnerability from fkie_nvd - Published: 2026-03-10 22:16 - Updated: 2026-03-11 14:24
Severity
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges (RFC 1918), localhost, or cloud metadata endpoints. This enables Server-Side Request Forgery (SSRF), allowing any user interacting with a publicly exposed chatflow to force the Flowise server to make requests to internal network resources that are inaccessible from the public internet. This vulnerability is fixed in 3.0.13.
References
| URL | Tags | ||
|---|---|---|---|
| security-advisories@github.com | https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-fvcw-9w9r-pxc7 | Exploit, Mitigation, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6D6D18-106F-49FE-B523-B5DCAADFB40F",
"versionEndExcluding": "3.0.13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Flowise is a drag \u0026 drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges (RFC 1918), localhost, or cloud metadata endpoints. This enables Server-Side Request Forgery (SSRF), allowing any user interacting with a publicly exposed chatflow to force the Flowise server to make requests to internal network resources that are inaccessible from the public internet. This vulnerability is fixed in 3.0.13."
},
{
"lang": "es",
"value": "Flowise es una interfaz de usuario de arrastrar y soltar para construir un flujo de modelo de lenguaje grande personalizado. Antes de la versi\u00f3n 3.0.13, Flowise expone un Nodo HTTP en AgentFlow y Chatflow que realiza peticiones HTTP del lado del servidor utilizando URLs controladas por el usuario. Por defecto, no hay restricciones en los hosts de destino, incluyendo rangos de IP privados/internos (RFC 1918), localhost, o puntos finales de metadatos en la nube. Esto permite la Falsificaci\u00f3n de Petici\u00f3n del Lado del Servidor (SSRF), permitiendo a cualquier usuario que interact\u00faa con un chatflow expuesto p\u00fablicamente forzar al servidor Flowise a realizar peticiones a recursos de red internos que son inaccesibles desde la internet p\u00fablica. Esta vulnerabilidad est\u00e1 corregida en la versi\u00f3n 3.0.13."
}
],
"id": "CVE-2026-31829",
"lastModified": "2026-03-11T14:24:01.977",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.5,
"source": "security-advisories@github.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2026-03-10T22:16:20.937",
"references": [
{
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-fvcw-9w9r-pxc7"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-FVCW-9W9R-PXC7
Vulnerability from github – Published: 2026-03-11 00:24 – Updated: 2026-04-10 17:33
VLAI
Summary
Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access
Details
Description: Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges (RFC 1918), localhost, or cloud metadata endpoints. This enables Server-Side Request Forgery (SSRF), allowing any user interacting with a publicly exposed chatflow to force the Flowise server to make requests to internal network resources that are inaccessible from the public internet.
Impact includes: - Access to internal admin panels (e.g., internal company dashboards, Jenkins, Kubernetes API, etc.). - Retrieval of cloud provider metadata (e.g., AWS IMDSv1 at [http://169.254.169.254], GCP, Azure). - Port scanning and enumeration of internal services. - Potential lateral movement or privilege escalation in compromised environments.
This vulnerability is particularly severe because: - Flowise instances are often deployed publicly without authentication (FLOWISE_USERNAME/PASSWORD not set by default). - The HTTP Node is easily accessible in simple flows with minimal configuration.
Proof of Concept (PoC):
A minimal flow consisting of three nodes demonstrates successful internal network access:
Flow Structure:
HTTP Node Configuration:
The HTTP Node is configured to perform a GET request to an internal address on localhost:
URL: http://127.0.0.1:8000 (or any internal service)
Successful Response from Internal Service:
When the flow is triggered via chat input, the Flowise server successfully retrieves and returns content from the internal mock server running on port 8000 within the same container/network:
Impact This is a Server-Side Request Forgery (SSRF) vulnerability with both read and write capabilities. The HTTP Request node supports all standard HTTP methods (GET, POST, PUT, PATCH, DELETE), allowing attackers to not only retrieve sensitive information but also modify, create, or delete data on internal services if those services expose mutable endpoints: - Read access: Retrieval of sensitive internal data, cloud provider metadata (e.g., AWS IAM credentials at http://169.254.169.254/latest/meta-data/iam/security-credentials/), secrets, configuration files, or database contents. - Write access: Modification or deletion of internal resources via POST/PUT/PATCH/DELETE methods (e.g., creating malicious users/configurations, overwriting files, deleting data, triggering destructive actions on internal admin panels, CI/CD systems like Jenkins, Kubernetes APIs, or cloud management interfaces). Amplification: Retrieved cloud credentials can be used for further privilege escalation or lateral movement outside the n8n instance.
Suggested Long-term Fix (for Flowise): - Add optional security controls to HTTP Node: - Toggle: "Block private IP ranges and localhost" (enabled by default). - Field: "Allowed domains" (whitelist). - Display prominent warning when URL field uses template variables (e.g., {{ }}). - Update documentation with explicit SSRF risks and best practices.
Severity
7.1 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.0.12"
},
"package": {
"ecosystem": "npm",
"name": "flowise"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.0.12"
},
"package": {
"ecosystem": "npm",
"name": "flowise-components"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.13"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-31829"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-11T00:24:05Z",
"nvd_published_at": "2026-03-10T22:16:20Z",
"severity": "HIGH"
},
"details": "**Description:**\nFlowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges (RFC 1918), localhost, or cloud metadata endpoints.\nThis enables Server-Side Request Forgery (SSRF), allowing any user interacting with a publicly exposed chatflow to force the Flowise server to make requests to internal network resources that are inaccessible from the public internet.\n\n**Impact includes:**\n- Access to internal admin panels (e.g., internal company dashboards, Jenkins, Kubernetes API, etc.).\n- Retrieval of cloud provider metadata (e.g., AWS IMDSv1 at [http://169.254.169.254], GCP, Azure).\n- Port scanning and enumeration of internal services.\n- Potential lateral movement or privilege escalation in compromised environments.\n\nThis vulnerability is particularly severe because:\n- Flowise instances are often deployed publicly without authentication (FLOWISE_USERNAME/PASSWORD not set by default).\n- The HTTP Node is easily accessible in simple flows with minimal configuration.\n\n**Proof of Concept (PoC):**\nA minimal flow consisting of three nodes demonstrates successful internal network access:\nFlow Structure:\n\u003cimg width=\"1131\" height=\"323\" alt=\"image\" src=\"https://github.com/user-attachments/assets/f6ddc74f-3ae9-4376-995a-693fb272627a\" /\u003e\nHTTP Node Configuration:\nThe HTTP Node is configured to perform a GET request to an internal address on localhost:\nURL: http://127.0.0.1:8000 (or any internal service)\n\u003cimg width=\"568\" height=\"759\" alt=\"image\" src=\"https://github.com/user-attachments/assets/a5735e1f-f735-4d01-9d72-a772963254c8\" /\u003e\n\nSuccessful Response from Internal Service:\nWhen the flow is triggered via chat input, the Flowise server successfully retrieves and returns content from the internal mock server running on port 8000 within the same container/network:\n\u003cimg width=\"377\" height=\"627\" alt=\"image\" src=\"https://github.com/user-attachments/assets/ff3fcfc6-4957-4aae-9c9d-13b4fca1d0ef\" /\u003e\n\n\n**Impact**\nThis is a Server-Side Request Forgery (SSRF) vulnerability with both read and write capabilities.\nThe HTTP Request node supports all standard HTTP methods (GET, POST, PUT, PATCH, DELETE), allowing attackers to not only retrieve sensitive information but also modify, create, or delete data on internal services if those services expose mutable endpoints:\n- Read access: Retrieval of sensitive internal data, cloud provider metadata (e.g., AWS IAM credentials at http://169.254.169.254/latest/meta-data/iam/security-credentials/), secrets, configuration files, or database contents.\n- Write access: Modification or deletion of internal resources via POST/PUT/PATCH/DELETE methods (e.g., creating malicious users/configurations, overwriting files, deleting data, triggering destructive actions on internal admin panels, CI/CD systems like Jenkins, Kubernetes APIs, or cloud management interfaces).\nAmplification: Retrieved cloud credentials can be used for further privilege escalation or lateral movement outside the n8n instance.\n\n\nSuggested Long-term Fix (for Flowise):\n- Add optional security controls to HTTP Node:\n- Toggle: \"Block private IP ranges and localhost\" (enabled by default).\n- Field: \"Allowed domains\" (whitelist).\n- Display prominent warning when URL field uses template variables (e.g., {{ }}).\n- Update documentation with explicit SSRF risks and best practices.",
"id": "GHSA-fvcw-9w9r-pxc7",
"modified": "2026-04-10T17:33:10Z",
"published": "2026-03-11T00:24:05Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-fvcw-9w9r-pxc7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31829"
},
{
"type": "PACKAGE",
"url": "https://github.com/FlowiseAI/Flowise"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
}
],
"summary": "Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access"
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…