
CVE-2026-41269

Severity: High · Public PoC
Published: 23 April 2026
Modified: 24 April 2026
CVSS v3.1: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N)
EPSS: 0.0047 (37.4th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-41269 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Flowiseai Flowise. Its CVSS base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). EPSS ranks the CVE at the 37.4th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection).

Deeper analysis

CVE-2026-41269 affects Flowise, an open-source drag-and-drop user interface for building customized large language model (LLM) flows. In versions prior to 3.1.0, the Chatflow configuration file upload settings can be modified to permit the application/javascript MIME type, bypassing frontend restrictions on JavaScript file uploads. This flaw, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N), indicating high severity due to its potential for significant integrity impacts.

An attacker with low privileges, such as an authenticated user, can exploit this vulnerability over the network with low complexity and no user interaction required. By uploading malicious .js files that the modified MIME allowlist now accepts, the attacker can persistently store Node.js web shells on the server. This enables remote code execution (RCE) and control over server-side operations, consistent with the CVSS vector's low confidentiality, high integrity and no availability impact.

The official GitHub security advisory (GHSA-rh7v-6w34-w2rr) confirms the issue is resolved in Flowise version 3.1.0, recommending immediate upgrades to mitigate the vulnerability. No additional workarounds are specified in available details.

Flowise's focus on LLM workflow orchestration introduces AI/ML relevance, as compromised instances could manipulate or exfiltrate model configurations and data flows. No public evidence of real-world exploitation has been reported as of the CVE publication on 2026-04-23.


Vulnerability details

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn't normally allow JavaScript uploads. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE). This vulnerability is fixed in 3.1.0.

CWE(s): CWE-434 Unrestricted Upload of File with Dangerous Type

AI Security Analysis

AI Category: LLM Application Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: flowise, large language model

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unrestricted JS file upload in public-facing app enables web shell deployment for RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-30821: Same product (Flowiseai Flowise)
CVE-2025-26319: Same product (Flowiseai Flowise)
CVE-2025-61687: Same product (Flowiseai Flowise)
CVE-2025-61913: Same product (Flowiseai Flowise)
CVE-2025-34267: Same product (Flowiseai Flowise)
CVE-2025-8943: Same product (Flowiseai Flowise)
CVE-2026-41272: Same product (Flowiseai Flowise)
CVE-2026-41277: Same product (Flowiseai Flowise)
CVE-2026-41274: Same product (Flowiseai Flowise)
CVE-2026-41270: Same product (Flowiseai Flowise)

Affected Assets

flowiseai flowise ≤ 3.1.0

Mitigating Controls (NIST 800-53 r5)

Prevent: Enforces input validation on Chatflow configuration file uploads to reject dangerous MIME types like application/javascript and prevent malicious .js web shells.

Prevent: Restricts classes of input data to prohibit JavaScript files during uploads, blocking the bypass of frontend restrictions.

Prevent / Detect: Deploys malicious code protection mechanisms at web boundaries to scan and block persistent Node.js web shells from uploaded files.
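The following is an added example, not Flowise's own code, serving both the upload weakness described under Deeper analysis and the input-validation controls above: a server-side upload gate in which a hard deny list and a fixed server allowlist apply no matter what the chatflow configuration says, so the (user-editable) chatflow setting can only narrow the accepted types, never widen them to JavaScript. The function names, the allowlist contents and the sample inputs are assumptions constructed for the example.

```javascript
// Added example (not Flowise code). CVE-2026-41269 arose because the chatflow
// config's MIME allowlist was the only control; here it is the weakest layer.

// Server-wide deny rules; no chatflow setting can override these.
const DANGEROUS_MIME = new Set([
  "application/javascript", "text/javascript", "application/x-javascript",
  "application/ecmascript", "text/ecmascript",
]);
const DANGEROUS_EXT = new Set([".js", ".mjs", ".cjs", ".jsx", ".ts", ".node"]);

// Types the server stores at all: required MIME type plus a content check.
// Constructed for the example; a real deployment tunes this table.
const SERVER_ALLOW = {
  ".txt":  { mime: "text/plain",       check: b => !b.includes(0) },
  ".pdf":  { mime: "application/pdf",  check: b => b.subarray(0, 5).toString() === "%PDF-" },
  ".json": { mime: "application/json", check: b => { try { JSON.parse(b.toString("utf8")); return true; } catch { return false; } } },
};

// Drop parameters ("text/plain; charset=utf-8") and normalise case.
function parseMime(value) {
  return String(value || "").split(";")[0].trim().toLowerCase();
}

// file = { name, mimeType, bytes: Buffer }; chatflowAllowedMime = the array
// a chatflow editor can change. Returns { ok, reason } or { ok, storedName }.
function validateUpload(file, chatflowAllowedMime) {
  const name = String(file.name || "").split(/[\\/]/).pop();   // strip path parts
  const ext = (name.match(/\.[^.]+$/) || [""])[0].toLowerCase();
  const mime = parseMime(file.mimeType);
  const bytes = Buffer.isBuffer(file.bytes) ? file.bytes : Buffer.alloc(0);

  // 1. Hard deny list runs first and never consults the chatflow config.
  if (DANGEROUS_EXT.has(ext) || DANGEROUS_MIME.has(mime)) {
    return { ok: false, reason: "JavaScript uploads are blocked server-side" };
  }
  // 2. Extension and declared MIME type must match a server allowlist entry.
  const rule = SERVER_ALLOW[ext];
  if (!rule || rule.mime !== mime) {
    return { ok: false, reason: `${ext || "<no ext>"} with ${mime || "<no type>"} is not a permitted type` };
  }
  // 3. The chatflow config may only narrow that list, never widen it.
  if (!chatflowAllowedMime.map(parseMime).includes(mime)) {
    return { ok: false, reason: `${mime} is not enabled for this chatflow` };
  }
  // 4. Content must look like the declared type, not merely claim it.
  if (!rule.check(bytes)) {
    return { ok: false, reason: `content does not match ${mime}` };
  }
  // 5. Store under a server-chosen name; the client's filename never reaches disk.
  const storedName = Date.now().toString(36) + "-" + Math.random().toString(36).slice(2, 10) + ext;
  return { ok: true, storedName };
}
```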
