CVE-2024-36420
Published: 01 July 2024
Summary
CVE-2024-36420 is a high-severity Injection (CWE-74) vulnerability in Flowiseai Flowise. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 1.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: Obtain Capabilities (AML.T0016), Exfiltration via AI Inference API (AML.T0024).
Deeper analysis
Flowise version 1.4.3, a drag-and-drop interface for constructing customized large language model flows, is affected by an arbitrary file read vulnerability in the /api/v1/openai-assistants-file endpoint. The flaw resides in packages/server/src/index.ts and stems from missing sanitization of the fileName body parameter, corresponding to CWE-74 and carrying a CVSS 3.1 score of 7.5 for unauthenticated network access that impacts confidentiality.
Remote attackers without credentials can submit crafted POST requests to the endpoint and retrieve arbitrary files from the underlying server filesystem, exposing sensitive configuration or data. The attack requires no user interaction and can be performed directly over the network.
Public references, including the GitHub Security Lab advisory GHSL-2023-232 and the affected source lines, document the injection vector, while the vulnerability record states that no patches are available. The associated EPSS score of 0.5832 reflects sustained exploitation interest for this LLM-related component.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-2594
Vulnerability details
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the `/api/v1/openai-assistants-file` endpoint in `index.ts` is vulnerable to arbitrary file read due to lack of sanitization of the `fileName`…
more
body parameter. No known patches for this issue are available.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Flowise is a drag-and-drop user interface for building customized large language model (LLM) flows, specifically integrating with OpenAI Assistants (e.g., /api/v1/openai-assistants-file endpoint), fitting the Enterprise AI Assistants category as a platform for developing and deploying LLM-based assistants.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path injection in CVE-2024-36420 enables arbitrary file reads from the local system (T1005) through exploitation of a public-facing web application API endpoint (T1190).
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Developer assessments and testing (including injection-focused techniques) identify improper neutralization of special elements, and the verifiable flaw remediation corrects them pre-deployment.
Identifies indicators of injection attacks (command, SQL, LDAP, etc.) via anomaly and attack monitoring.