CVE-2025-26319

Severity CVSS v4.0:
Pending analysis
Type:
CWE-434 Unrestricted Upload of File with Dangerous Type
Publication date:
04/03/2025
Last modified:
24/06/2025

Description

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:flowiseai:flowise:2.2.6:-:*:*:*:*:*:*