CVE-2024-31621

7.6 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on FlowiseAI installations by sending crafted scripts to the api/v1 component. It affects FlowiseAI Flowise versions 1.6.2 and earlier. Attackers can potentially take full control of affected systems.

💻 Affected Systems

Products:
  • FlowiseAI Flowise
Versions: v1.6.2 and earlier
Operating Systems: All platforms running Flowise
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable if the api/v1 endpoint is accessible.

📦 What is this software?

Flowise is an open-source, Node.js-based visual builder for LLM applications (chatflows and agents). Its UI and integrations talk to the server through the api/v1 REST endpoints, which is the component this vulnerability targets.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise allowing an attacker to execute arbitrary commands, steal data, deploy ransomware, or pivot to other systems.

🟠 Likely Case: Remote code execution leading to data theft, service disruption, or installation of backdoors.

🟢 If Mitigated: Limited impact if proper network segmentation, WAF rules, and least-privilege access controls are implemented.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit code is publicly available on Exploit-DB, making this easily weaponizable.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.6.3 or later

Vendor Advisory: https://flowiseai.com/

Restart Required: Yes

Instructions:

1. Back up your Flowise configuration and data.
2. Update to Flowise v1.6.3 or later using npm update or your package manager.
3. Restart the Flowise service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Network Access Restriction (platform: linux)

Restrict access to the api/v1 endpoint using firewall rules or network segmentation. The rules below append to the INPUT chain, so they only take effect if no earlier rule already accepts traffic to that port; if Flowise sits behind a reverse proxy, apply them to the port that is actually exposed.

# allow trusted sources, then drop everything else to the Flowise port
iptables -A INPUT -p tcp --dport [FLOWISE_PORT] -s [TRUSTED_IPS] -j ACCEPT
iptables -A INPUT -p tcp --dport [FLOWISE_PORT] -j DROP

Web Application Firewall (platform: all)

Implement WAF rules to block malicious payloads targeting the api/v1 endpoint.

🧯 If You Can't Patch

  • Isolate the Flowise instance in a restricted network segment with no internet access
  • Implement strict input validation and sanitization for the api/v1 endpoint

🔍 How to Verify

Check if Vulnerable:

Check Flowise version. If version is 1.6.2 or earlier, the system is vulnerable.

Check Version:

npm list flowise or check package.json version

Verify Fix Applied:

Verify Flowise version is 1.6.3 or later and test that crafted scripts to api/v1 no longer execute.
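The version check above can be scripted so it is not done by eye. The script below is an added example, not part of the advisory or of the Flowise project: it compares a version string against the fixed version 1.6.3 component by component (so 1.10.0 correctly sorts after 1.6.3, which a plain string comparison would get wrong). The installed-version lookup assumes Flowise is installed as an npm package that node can resolve from the current directory; that is an assumption, not something the advisory states.

```shell
#!/bin/sh
# Added example (not from the advisory or the Flowise project): decide whether a
# Flowise version string falls in the affected range for CVE-2024-31621
# (v1.6.2 and earlier; fixed in v1.6.3). FIXED_VERSION comes from the advisory.

FIXED_VERSION="1.6.3"

# vercmp A B: print -1, 0 or 1 as A is lower than, equal to or higher than B.
# A leading "v" is ignored. Any non-digit suffix on a component ("3-rc1") is
# dropped, so a prerelease of 1.6.3 compares equal to 1.6.3; verify those by hand.
vercmp() {
  a=${1#v}
  b=${2#v}
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}
    y=${b%%.*}
    # advance past the first component (and its dot) in each string
    case $a in *.*) a=${a#*.} ;; *) a="" ;; esac
    case $b in *.*) b=${b#*.} ;; *) b="" ;; esac
    # keep only the leading digits; a missing component counts as 0
    x=${x%%[!0-9]*}
    y=${y%%[!0-9]*}
    x=${x:-0}
    y=${y:-0}
    if [ "$x" -lt "$y" ]; then printf '%s\n' -1; return 0; fi
    if [ "$x" -gt "$y" ]; then printf '%s\n' 1; return 0; fi
  done
  printf '%s\n' 0
}

# flowise_version_status VERSION: print "vulnerable" or "patched";
# exit status 0 means vulnerable, 1 means patched (handy in CI gates).
flowise_version_status() {
  if [ "$(vercmp "$1" "$FIXED_VERSION")" -lt 0 ]; then
    echo vulnerable
    return 0
  fi
  echo patched
  return 1
}

# installed_flowise_version: version of the flowise package that node resolves
# from the current directory (assumes a local or global npm install is reachable
# from here). Use as: flowise_version_status "$(installed_flowise_version)"
installed_flowise_version() {
  node -p "require('flowise/package.json').version" 2>/dev/null
}

# Usage: ./check_flowise.sh VERSION   (with no argument only the functions are defined)
case $# in
  0) : ;;
  *) flowise_version_status "$1" ;;
esac
```

Run it as `./check_flowise.sh "$(installed_flowise_version)"` on the Flowise host, or pass the value from `npm list flowise` directly; a non-zero exit status means the install is at or past the fixed version.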

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /api/v1 with script content
  • System command execution from Flowise process
  • Unexpected process creation

Network Indicators:

  • HTTP requests with malicious payloads to api/v1 endpoint
  • Outbound connections from Flowise to unexpected destinations

SIEM Query:

source="flowise" AND (uri_path="/api/v1" AND (http_method="POST" OR http_method="PUT") AND size>1000)
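The same logic as the SIEM query can be run offline against reverse-proxy access logs when no SIEM is in front of the instance. The script below is an added example, not part of the advisory: it flags POST or PUT requests to /api/v1 whose request body exceeds 1000 bytes and tallies which client sent them. The log lines are constructed for this example and use a hypothetical nginx log_format of `$remote_addr [$time_local] "$request" $status $request_length`; the point of that format is that it records the bytes received from the client, whereas the default combined format records the response size, which is the wrong field to threshold on when the indicator is a large inbound payload.

```shell
#!/bin/sh
# Added example (not from the advisory): apply the advisory's SIEM logic
# (POST or PUT to /api/v1 with a request size over 1000 bytes) to access
# logs with awk. SAMPLE_LOG is constructed data in a hypothetical nginx
# log_format: $remote_addr [$time_local] "$request" $status $request_length

SIZE_THRESHOLD=1000

SAMPLE_LOG='10.0.0.5 [01/May/2024:10:00:01 +0000] "GET /api/v1/chatflows HTTP/1.1" 200 412
10.0.0.9 [01/May/2024:10:00:02 +0000] "POST /api/v1/prediction/abc HTTP/1.1" 200 1840
10.0.0.9 [01/May/2024:10:00:03 +0000] "PUT /api/v1/chatflows/abc HTTP/1.1" 200 5120
10.0.0.7 [01/May/2024:10:00:04 +0000] "POST /api/v1/chatflows HTTP/1.1" 200 640
10.0.0.3 [01/May/2024:10:00:05 +0000] "POST /login HTTP/1.1" 302 2100
10.0.0.9 [01/May/2024:10:00:06 +0000] "POST /api/v1/prediction/abc HTTP/1.1" 200 2300'

# flag_suspicious_requests: read log lines on stdin, print the ones that match.
# Splitting on the double quote isolates the request line ($2) from the trailing
# "status request_length" fields ($3), so query strings or odd paths cannot
# shift the numeric fields.
flag_suspicious_requests() {
  awk -F'"' -v limit="$SIZE_THRESHOLD" '{
    split($2, req, " ")     # req[1] = method, req[2] = path
    split($3, tail, " ")    # tail[1] = status, tail[2] = request_length
    if ((req[1] == "POST" || req[1] == "PUT") &&
        index(req[2], "/api/v1") == 1 &&
        tail[2] + 0 > limit)
      print $0
  }'
}

# count_suspicious: number of matching lines in SAMPLE_LOG.
count_suspicious() {
  printf '%s\n' "$SAMPLE_LOG" | flag_suspicious_requests | wc -l | tr -d ' '
}

# top_source: client address with the most matching requests, a first
# triage step for which host is pushing oversized payloads at api/v1.
top_source() {
  printf '%s\n' "$SAMPLE_LOG" | flag_suspicious_requests |
    awk '{ n[$1]++ } END { for (ip in n) if (n[ip] > best) { best = n[ip]; top = ip } print top }'
}
```

Against real logs, replace the `printf` of SAMPLE_LOG with `cat /var/log/nginx/flowise.log | flag_suspicious_requests` (or whatever path the proxy writes to). Pair the output with the process-creation indicators listed above: a large api/v1 request followed shortly by an unexpected child process of the Flowise service is a much stronger signal than either alone, and the size threshold by itself will also catch legitimate large chatflow uploads.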
