CVE-2024-36421
Published: 01 July 2024
Summary
CVE-2024-36421 is a high-severity Origin Validation Error (CWE-346) vulnerability in Flowiseai Flowise. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked in the top 17.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the Privacy and Disclosure risk domain; MITRE ATLAS techniques in scope: Obtain Capabilities (AML.T0016), AI Model Inference API Access (AML.T0040), Exfiltration via AI Inference API (AML.T0024).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-2510
Vulnerability details
Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, A CORS misconfiguration sets the Access-Control-Allow-Origin header to all, allowing arbitrary origins to connect to the website. In the…
more
default configuration (unauthenticated), arbitrary origins may be able to make requests to Flowise, stealing information from the user. This CORS misconfiguration may be chained with the path injection to allow an attacker attackers without access to Flowise to read arbitrary files from the Flowise server. As of time of publication, no known patches are available.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- Privacy and Disclosure
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Flowise is a drag-and-drop UI for building customized large language model (LLM) flows and AI agents, including integrations with OpenAI Assistants, aligning with Enterprise AI Assistants.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Path injection enables arbitrary file reads (T1005, T1083); reflected XSS enables client-side code execution (T1203); CORS misconfiguration facilitates cross-origin exploitation of vulnerable public-facing web application endpoints (T1190).
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Requires unique identification of the service before communications, addressing failures to validate the origin of the interaction.
Trusted path establishment enforces validation that the communication originates from and reaches only the intended trusted system components.
Enforces validation of the true origin of DNS responses via signatures and chain-of-trust mechanisms.
Enforces origin validation of name/address data, eliminating reliance on unverified or impersonated DNS sources.
Mandates origin validation so that only legitimate endpoints can continue the authenticated session.