AI description
CVE-2025-26319 is an arbitrary file upload vulnerability found in FlowiseAI Flowise v2.2.6, specifically in the `/api/v1/attachments` endpoint. This vulnerability allows unauthenticated attackers to upload arbitrary files to Flowise servers. The vulnerability stems from a lack of proper validation of user-supplied parameters in the file upload route. By manipulating these parameters, attackers can bypass security checks and perform path traversal, potentially overwriting critical files. Successful exploitation could lead to remote code execution and complete server compromise, including modification of API keys and unauthorized access to sensitive data.
- Description: FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.
- Source: cve@mitre.org
- NVD status: Received
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-434
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 4
CVE-2025-26319: FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments. https://t.co/K37e3FihTt https://t.co/RJsX1OK4ta
@cyber_advising, 13 Mar 2025: 467 Impressions, 1 Retweet, 6 Likes, 3 Bookmarks, 0 Replies, 0 Quotes
GitHub - YuoLuo/CVE-2025-26319 - https://t.co/uTWhSwh56O
@piedpiper1616, 13 Mar 2025: 2990 Impressions, 18 Retweets, 51 Likes, 13 Bookmarks, 1 Reply, 0 Quotes
A severe vulnerability (CVE-2025-26319) in the Flowise platform allows file uploads by unauthenticated users, risking remote code execution. Ensure proper mitigation measures are taken. ⚠️ #Flowise #OpenSource #USA link: https://t.co/sOVXjwOQXI https://t.co/0b3kASeGZR
@TweetThreatNews, 13 Mar 2025: 19 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
Follow @zoomeye_team & Get 7-Day Membership! 🚨🚨CVE-2025-26319 drops: Flowise hit with a pre-auth arbitrary file upload vuln! ⚠️This is BIG—think total agent framework compromise, remote server takeover, or data theft. The stakes? Sky-high. 🔥PoC: https://t.co/ikyG2O5VkQ… h
@zoomeye_team, 13 Mar 2025: 536 Impressions, 0 Retweets, 3 Likes, 2 Bookmarks, 1 Reply, 0 Quotes
⚠️⚠️ CVE-2025-26319 (CVSS 9.8): Flowise Open-Source Platform Vulnerable to File Upload Exploit, No Patch 🎯20k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔥PoC: https://t.co/h25MAaXXpe 🔗FOFA Link: https://t.co/84YBAUcpxx FOFA Query:app="FlowiseAI"… https:
@fofabot, 13 Mar 2025: 2496 Impressions, 4 Retweets, 40 Likes, 17 Bookmarks, 0 Replies, 0 Quotes
🚨Alert🚨 CVE-2025-26319 (CVSS 9.8):An arbitrary file upload vulnerability in FlowiseAI Flowise v2.2.6 🧐Deep Dive :https://t.co/Ti99YZxXho 📊 35K+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/q2FFmyclXL 👇Query HUNTER :… https://t.co/WWQAs
@HunterMapping, 13 Mar 2025: 4097 Impressions, 23 Retweets, 71 Likes, 32 Bookmarks, 1 Reply, 0 Quotes
CVE-2025-26319 (CVSS 9.8): Flowise Open-Source Platform Vulnerable to File Upload Exploit, No Patch Explore the critical CVE-2025-26319 vulnerability in Flowise that allows attackers to exploit file uploads and compromise servers. https://t.co/em8EpG63rL
@the_yellow_fall, 13 Mar 2025: 481 Impressions, 4 Retweets, 9 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
Flowise users, heads up! A critical flaw puts your servers at risk. Critical Flowise vulnerability (CVE-2025-26319) allows unauthenticated arbitrary file uploads, risking server control. TL;DR: • Flowise platform has a critical file upload vulnerability. • Attackers can… http
@TweekFawkes, 11 Mar 2025: 59 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes
CVE-2025-26319 03/04/2025 10:15:40 PM BaseSeverity: CRITICAL FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments. https://t.co/Z0p0diPVDu
@CVETracker, 5 Mar 2025: 11 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes