CVE-2026-56275

Summary

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud metadata, and enumerate internal services by exploiting the missing secureFetch verification in httpSecurity.ts.

Affected Software

VendorProductVersion RangeStatus
FlowiseFlowise0 < 3.1.0affected
FlowiseFlowise3.1.0unaffected
FlowiseFlowise0 < 3.1.0affected
FlowiseFlowise3.1.0unaffected

Weaknesses

  • CWE-918: Server-Side Request Forgery (SSRF)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References