CVE-2026-41268
Published: 23 April 2026
Summary
CVE-2026-41268 is a critical-severity Improper Input Validation (CWE-20) vulnerability in Flowiseai Flowise. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 21.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly requires timely remediation of the critical RCE flaw through patching to Flowise version 3.1.0 as specified in the advisory.
Mandates validation of information inputs to counter the improper input validation enabling the FILE-STORAGE:: parameter override and NODE_OPTIONS environment variable injection.
Enforces boundary protection to monitor and control unauthenticated HTTP requests, blocking exploitation attempts at external interfaces.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Unauthenticated RCE vulnerability in public-facing Flowise web application (T1190) enables execution of arbitrary system commands with root privileges in containerized Unix environment (T1059.004).
NVD Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated remote command execution (RCE) vulnerability. It can be exploited via a parameter override bypass…
more
using the FILE-STORAGE:: keyword combined with a NODE_OPTIONS environment variable injection. This allows for the execution of arbitrary system commands with root privileges within the containerized Flowise instance, requiring only a single HTTP request and no authentication or knowledge of the instance. This vulnerability is fixed in 3.1.0.
Deeper analysisAI
CVE-2026-41268 is a critical unauthenticated remote command execution (RCE) vulnerability affecting Flowise, an open-source drag-and-drop user interface for building customized large language model (LLM) flows. Versions of Flowise prior to 3.1.0 are vulnerable due to a parameter override bypass that leverages the FILE-STORAGE:: keyword in combination with NODE_OPTIONS environment variable injection. This flaw, associated with CWE-20 (Improper Input Validation), carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on April 23, 2026.
Any unauthenticated attacker with network access to a vulnerable Flowise instance can exploit this vulnerability using a single HTTP request, without requiring authentication credentials or prior knowledge of the target. Successful exploitation enables the execution of arbitrary system commands with root privileges inside the containerized Flowise environment, potentially leading to full compromise of the host system.
The official GitHub security advisory (GHSA-cvrr-qhgw-2mm6) confirms that the vulnerability is fully remediated in Flowise version 3.1.0, urging users to upgrade immediately. No additional workarounds are specified, emphasizing the need for prompt patching in all exposed deployments.
Flowise's role in LLM workflow orchestration makes this vulnerability particularly relevant for AI/ML practitioners, as compromised instances could disrupt or manipulate model training and inference pipelines. No public evidence of real-world exploitation has been reported as of publication.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: large language model