CVE-2026-56273 in Flowise
Summary
by MITRE • 07/08/2026
Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially enabling code execution or data exfiltration.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Analysis
by VulDB Data Team • 07/08/2026
This vulnerability exists within Flowise versions prior to 3.1.0 and specifically affects the Faiss and SimpleStore vector store implementations. The flaw stems from inadequate input sanitization of the basePath parameter which is processed without proper validation or escaping mechanisms. When authenticated users submit requests containing malicious basePath values through API tokens, the system fails to properly constrain file system access, creating a path traversal condition that allows arbitrary file operations.
The technical implementation of this vulnerability leverages the trust model within Flowise's vector storage subsystem where authenticated API tokens are sufficient to execute destructive filesystem operations. Attackers can manipulate the basePath parameter to traverse directory structures and write vector store data to locations outside the intended storage boundaries. This represents a classic path traversal flaw that operates at the file system level, bypassing standard access controls and authorization checks that should normally prevent such operations.
From an operational impact perspective, this vulnerability enables attackers with valid API tokens to potentially achieve code execution through malicious file placement in writable directories or to exfiltrate sensitive data by writing to arbitrary locations. The attack surface expands significantly as legitimate authenticated users can leverage their credentials to perform unauthorized filesystem operations. This creates a privilege escalation scenario where existing access rights are exploited to gain broader system control, potentially leading to complete system compromise depending on the execution environment and file system permissions.
The vulnerability aligns with CWE-22 Path Traversal and maps to ATT&CK technique T1059 Command and Scripting Interpreter for potential code execution paths. Organizations should immediately implement the available patches from Flowise version 3.1.0 onwards which properly sanitize basePath parameters and enforce strict file system access controls. Additional mitigations include implementing network segmentation to limit API access, monitoring for unusual file system operations, and enforcing least privilege principles for API token usage. Security teams should also conduct thorough audits of vector store implementations and validate all user-supplied input through comprehensive sanitization routines to prevent similar vulnerabilities in other components.
The root cause analysis reveals insufficient parameter validation within the vector store implementation where basePath values are directly used in file system operations without proper path normalization or access control checks. This design flaw allows attackers to manipulate the intended storage location through crafted API requests, effectively bypassing the application's security controls that should normally prevent such unauthorized operations. The vulnerability demonstrates a critical gap in input validation and access control enforcement within authenticated API endpoints, particularly in components handling file system operations.
Organizations should prioritize patch management for Flowise installations and implement comprehensive logging of vector store operations to detect potential exploitation attempts. Network-based detection systems should monitor for unusual file system access patterns that may indicate path traversal activity. Additionally, security teams should consider implementing automated input validation frameworks that can prevent similar vulnerabilities across all application components handling user-supplied data through file system operations, ensuring proper separation of concerns and robust access control mechanisms are enforced throughout the application architecture.