CVE-2026-31829 - Vulnerability Analysis
HighCVSS: 7.1Last Updated: March 11, 2026
Flowise - Server-Side Request Forgery
Published: March 10, 2026Updated: March 11, 2026PoC AvailableRemote Exploitable
Overview
Flowise < 3.0.13 contains a server-side request forgery caused by unrestricted HTTP Node requests using user-controlled URLs, letting attackers make requests to internal network resources, exploit requires user interaction with chatflow.
Severity & Score
Severity: High
CVSS Score: 7.1
Impact
Attackers can make the server perform unauthorized requests to internal network resources, potentially exposing sensitive data or services.
Mitigation
Upgrade to version 3.0.13 or later.
Related Resources
Details
- CVE ID
- CVE-2026-31829
- Severity
- High
- CVSS Score
- 7.1
- Type
- server_side_request_forgery
- Status
- confirmed
CWE
- CWE-918
CVSS Metrics
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L