Login Sign Up

CVE-2026-31829

7.1 HIGH
SSRF

📋 TL;DR

Flowise versions before 3.0.13 contain a Server-Side Request Forgery (SSRF) vulnerability in HTTP Node components. This allows attackers to force the Flowise server to make requests to internal network resources, potentially accessing sensitive systems. Any organization running publicly exposed Flowise chatflows is affected.

💻 Affected Systems

Products:
  • FlowiseAI Flowise
Versions: All versions prior to 3.0.13
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects deployments with publicly accessible chatflows using HTTP Node functionality.

📦 What is this software?

Flowise by Flowiseai

View all CVEs affecting Flowise →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access cloud metadata endpoints to obtain credentials, reach internal databases/services, or pivot to other internal systems leading to full network compromise.

🟠

Likely Case

Attackers scan internal networks, access internal APIs, or retrieve sensitive information from unprotected internal services.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the Flowise server's network segment.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SSRF vulnerabilities are commonly exploited and require minimal technical skill when chatflows are publicly accessible.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.13

Vendor Advisory: https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-fvcw-9w9r-pxc7

Restart Required: Yes

Instructions:

1. Update Flowise to version 3.0.13 or later using npm: npm update flowise. 2. Restart the Flowise service. 3. Verify the update completed successfully.

🔧 Temporary Workarounds

Network Restriction

linux

Implement network-level restrictions to block Flowise server from accessing internal networks

iptables -A OUTPUT -p tcp --dport 80 -j DROP
iptables -A OUTPUT -p tcp --dport 443 -j DROP

Access Control

all

Restrict public access to Flowise chatflows using authentication or IP whitelisting

🧯 If You Can't Patch

  • Isolate Flowise server in a dedicated network segment with no access to internal resources
  • Implement strict egress filtering to block all outbound HTTP/HTTPS traffic from Flowise server

🔍 How to Verify

Check if Vulnerable:

Check Flowise version: if below 3.0.13 and using HTTP Node with public chatflows, system is vulnerable.

Check Version:

npm list flowise | grep flowise

Verify Fix Applied:

Confirm version is 3.0.13 or higher and test HTTP Node functionality with internal IP addresses (should be blocked).

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from Flowise server
  • Requests to internal IP ranges (10.x.x.x, 172.16.x.x, 192.168.x.x)
  • Requests to localhost or cloud metadata endpoints

Network Indicators:

  • HTTP traffic from Flowise server to internal network segments
  • Requests to known cloud metadata endpoints (169.254.169.254)

SIEM Query:

source="flowise.logs" AND (dst_ip=10.0.0.0/8 OR dst_ip=172.16.0.0/12 OR dst_ip=192.168.0.0/16 OR dst_ip=127.0.0.1 OR dst_ip=169.254.169.254)

📊 Metadata

CVE ID: CVE-2026-31829
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
CWE: CWE-918
Published: March 10, 2026
Last Updated: March 11, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2026-31829, you might also want to check these:

CVE-2018-14721 10.0

CVE-2018-14721 is a Server-Side Request Forgery (SSRF) vulnerability in FasterXML jackson-databind v...

Same vulnerability type (CWE-918)
CVE-2023-3432 10.0

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in PlantUML versions prior to ...

Same vulnerability type (CWE-918)
CVE-2019-13020 10.0

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Tightrope Media Carousel's ...

Same vulnerability type (CWE-918)