CVE-2025-26319

Confirmed PUBLISHED

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

FlowiseAI · Flowise

Not yet in CISA KEV

Exploited in the wild Active exploitation observed PoC available

Recommended Action

Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.

Confidence
Confirmed
Exploitation Status
Active exploitation observed
Observed in Sensors
Yes
Attempts (30d)
17
Unique Attacker IPs
9
CISA KEV
Not yet in CISA KEV
CVSS / EPSS
9.8 Critical EPSS 50.8%

At a Glance

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

nuclei_scanner
CVE Published
Mar 04, 2025
Exploitation Reported
Jun 03, 2026
CVSS
9.8 Critical
EPSS
50.8%
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

Recommended Actions

  • Prioritize immediate patching and validate internet-facing exposure. Monitor for matching exploitation attempts in your environment.
  • Review sensor telemetry for request paths, attacker IPs, and payload patterns that may inform detection and exposure validation.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.