CVE-2026-56275 | Flowise before 3.1.0 contains a server-side request forgery … | CVSS 6.0 MEDIUM

Description

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud metadata, and enumerate internal services by exploiting the missing secureFetch verification in httpSecurity.ts.

Metadata

CVE ID: CVE-2026-56275
State: PUBLISHED
Assigner: VulnCheck
Reserved: 2026-06-20 01:47 UTC
Published: 2026-06-23 12:13 UTC
Last updated: 2026-06-23 13:57 UTC
Primary CWE: CWE-918
Server-Side Request Forgery (SSRF)
Vendor / Product: Flowise / Flowise
Sources: cve.org · NVD

Severity & Metrics

6.0 MEDIUM CVSS 4.0

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (2)

Vendor	Product	Platform	Versions
Flowise	Flowise	—	0 < 3.1.0, 3.1.0
Flowise	Flowise	—	0 < 3.1.0, 3.1.0

Weakness (CWE)

CWE	Source	Description
CWE-918	cna	Server-Side Request Forgery (SSRF)

CVSS scores (1)

Score	Severity	Version	Source	Vector
6.0	MEDIUM	4.0	cna	CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

References (2)

GitHub Security Advisory (GHSA-9hrv-gvrv-6gf2) https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-9hrv-gvrv-6gf2
VulnCheck Advisory: Flowise - Server-Side Request Forgery via Execute Flow Base URL https://www.vulncheck.com/advisories/flowise-server-side-request-forgery-via-execute-flow-base-url