CVE-2026-56273 in Flowiseinfo

Zusammenfassung

von MITRE • 08.07.2026

Flowise before 3.1.0 contains a path traversal vulnerability in Faiss and SimpleStore vector store implementations that accept unsanitized basePath parameters from authenticated users. Attackers with valid API tokens can write vector store data to arbitrary filesystem locations, potentially enabling code execution or data exfiltration.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Zuständig

VulnCheck

Reservieren

20.06.2026

Veröffentlichung

08.07.2026

Moderieren

akzeptiert

Eintrag

VDB-376855

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Do you need the next level of professionalism?

Upgrade your account now!