Cyber Resilience

CVE-2025-26319

Critical · Public PoC

Published: 04 March 2025
Modified: 24 June 2025
KEV Added: not listed
Patch: none referenced
CVSS Score (v3.1): 9.8, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score: 0.8771 (99.5th percentile)
Risk Priority: 72 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-26319 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Flowiseai Flowise. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Ingress Tool Transfer (T1105). The CVE ranks in the top 0.5% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised as LLM Application Platforms, in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

FlowiseAI Flowise version 2.2.6 contains an arbitrary file upload vulnerability in the /api/v1/attachments endpoint, tracked as CVE-2025-26319 and assigned CWE-434. The flaw received a CVSS 3.1 score of 9.8, reflecting network-accessible exploitation with low attack complexity and no required privileges or user interaction.

An unauthenticated attacker can send crafted requests to the affected endpoint to upload arbitrary files, resulting in full compromise of confidentiality, integrity, and availability on the target system. The published references consist of GitHub repositories that document the issue but provide no official patch or mitigation guidance.

The associated EPSS score stands at 0.8771 with a recorded peak of 0.8921, indicating sustained high exploitation probability since disclosure. Flowise is an open-source LLM orchestration platform, placing the vulnerability in an AI-adjacent development environment.

Vulnerability details

FlowiseAI Flowise v2.2.6 was discovered to contain an arbitrary file upload vulnerability in /api/v1/attachments.

CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)

AI Security Analysis

AI Category: LLM Application Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: flowise

Related Threats

MITRE ATT&CK Enterprise Techniques

T1105 Ingress Tool Transfer (Command and Control): Adversaries may transfer tools or other files from an external system into a compromised environment.
T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Arbitrary file upload in /api/v1/attachments enables exploitation of a public-facing application (T1190), ingress of tools or malware (T1105), and deployment of web shells (T1505.003) for execution and persistence.

CVEs Like This One

CVE-2026-30821 (same product: Flowiseai Flowise)
CVE-2025-61687 (same product: Flowiseai Flowise)
CVE-2026-41269 (same product: Flowiseai Flowise)
CVE-2025-61913 (same product: Flowiseai Flowise)
CVE-2025-34267 (same product: Flowiseai Flowise)
CVE-2026-41274 (same product: Flowiseai Flowise)
CVE-2026-41277 (same product: Flowiseai Flowise)
CVE-2025-8943 (same product: Flowiseai Flowise)
CVE-2026-41272 (same product: Flowiseai Flowise)
CVE-2026-41265 (same product: Flowiseai Flowise)

Affected Assets

flowiseai flowise 2.2.6

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

prevent: Requires timely identification, reporting, and correction of the specific arbitrary file upload flaw in Flowise's /api/v1/attachments endpoint.

prevent (SI-10, Information Input Validation): Mandates validation of file inputs at the /api/v1/attachments endpoint to reject dangerous file types and prevent unrestricted uploads.

prevent (AC-3, Access Enforcement): Enforces authentication and authorization on the unauthenticated /api/v1/attachments endpoint to block remote attacker access.
