FlowiseAI Flowise v2.2.6 Pre-Auth Arbitrary File Upload (CVE-2025-26319)

3/13/2025

Flowise is a popular open-source no-code/low-code platform that makes building AI agents simple, even for those without advanced technical expertise. With its drag-and-drop interface, users can easily set up knowledge bases, tools, and models.

With over 35K stars and 1M+ Docker pulls, Flowise serves a diverse range of users, from small businesses to large enterprises.

A path traversal vulnerability, rated critical, has been discovered in Flowise v2.2.6.

Refer to the original article from the researcher: https://medium.com/@attias.dor/the-burn-notice-part-2-5-5-flowise-pre-auth-arbitrary-file-upload-cve-2025-26319-0d4194a34183

To learn more about our services and how we can help protect your systems, visit https://www.vaptern.com/services or contact us directly.