CVE-2026-41269
Published: 23 April 2026
Summary
CVE-2026-41269 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Flowiseai Flowise. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability ranks at the 31.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-3 (Malicious Code Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Enforces input validation on Chatflow configuration file uploads to reject dangerous MIME types like application/javascript and prevent malicious .js web shells.
Restricts classes of input data to prohibit JavaScript files during uploads, blocking the bypass of frontend restrictions.
Deploys malicious code protection mechanisms at web boundaries to scan and block persistent Node.js web shells from uploaded files.
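The three controls above, and the root cause described in the NVD text and deeper analysis below, come down to one design rule: the set of accepted upload types must be enforced server-side and must not be widenable by an editable chatflow configuration. The following is an added example written for this page, not Flowise's own code; the function names, the configuration shape and the sample uploads are constructed assumptions. It strips JavaScript and HTML types from whatever allowlist the configuration supplies, checks the filename extension independently of the declared Content-Type, and verifies the declared type against leading magic bytes for the binary types it knows.

```javascript
// Added example (not Flowise code): server-side allowlisting for chatflow-style
// file uploads. Names, configuration shape and sample files are assumptions
// constructed for this illustration.

// Types that stay blocked regardless of what the per-chatflow configuration
// says. Persisting these on a Node.js host is what turns an upload into a
// web shell, so an edited configuration must not be able to re-enable them.
const HARD_DENY_MIME = new Set([
  'application/javascript',
  'text/javascript',
  'application/x-javascript',
  'application/ecmascript',
  'text/html',
]);
const HARD_DENY_EXT = new Set(['.js', '.mjs', '.cjs', '.html', '.htm']);

// Leading magic bytes for binary types we are willing to accept, so the
// declared MIME type can be checked against the actual content.
const MAGIC = {
  'image/png': [Buffer.from([0x89, 0x50, 0x4e, 0x47])],
  'image/jpeg': [Buffer.from([0xff, 0xd8, 0xff])],
  'application/pdf': [Buffer.from('%PDF')],
};

// Normalise a declared Content-Type: lower-case it and drop parameters such as
// "; charset=utf-8" that would otherwise defeat a plain string comparison.
function normalizeMime(mime) {
  return String(mime || '').split(';')[0].trim().toLowerCase();
}

// Final extension including the dot, lower-cased; '' when there is none.
// Only the last component of any path is considered.
function extensionOf(filename) {
  const base = String(filename || '').split(/[\\/]/).pop();
  const idx = base.lastIndexOf('.');
  return idx > 0 ? base.slice(idx).toLowerCase() : '';
}

// Build the effective allowlist from the configured one. Anything on the hard
// deny list is removed, so modifying the chatflow configuration to add
// application/javascript has no effect on what the server accepts.
function effectiveAllowlist(configuredMimeTypes) {
  const out = new Set();
  for (const m of configuredMimeTypes || []) {
    const n = normalizeMime(m);
    if (n && !HARD_DENY_MIME.has(n)) out.add(n);
  }
  return out;
}

// Validate one upload. `file` is { name, mimetype, data } with `data` a Buffer.
// Returns { ok: true, mime } or { ok: false, reason }.
function validateUpload(configuredMimeTypes, file) {
  const allow = effectiveAllowlist(configuredMimeTypes);
  const mime = normalizeMime(file.mimetype);
  const ext = extensionOf(file.name);

  // Extension is checked on its own: a .js file declared as text/plain is
  // still a .js file once it is written to disk.
  if (HARD_DENY_EXT.has(ext)) {
    return { ok: false, reason: `extension ${ext} is never accepted` };
  }
  if (!allow.has(mime)) {
    return { ok: false, reason: `type ${mime || '(none)'} not in allowlist` };
  }
  // For binary types we know, the declared type must match the content.
  const magics = MAGIC[mime];
  if (magics && !magics.some((m) => file.data.subarray(0, m.length).equals(m))) {
    return { ok: false, reason: `content does not look like ${mime}` };
  }
  return { ok: true, mime };
}

// Constructed configuration: an attacker-style edit has added JavaScript.
const CONFIGURED_TYPES = ['image/png', 'text/plain', 'application/javascript'];

// Constructed sample uploads.
const SAMPLE_FILES = {
  png: { name: 'diagram.png', mimetype: 'image/png',
         data: Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]) },
  jsDeclared: { name: 'shell.js', mimetype: 'application/javascript; charset=utf-8',
                data: Buffer.from('// constructed placeholder content') },
  jsAsText: { name: 'shell.js', mimetype: 'text/plain',
              data: Buffer.from('// constructed placeholder content') },
  fakePng: { name: 'x.png', mimetype: 'image/png', data: Buffer.from('<html>') },
};

for (const [label, f] of Object.entries(SAMPLE_FILES)) {
  console.log(label, validateUpload(CONFIGURED_TYPES, f));
}
```

The deny list is deliberately separate from the allowlist: an allowlist that administrators can edit is the right place for business decisions about accepted document types, but executable and HTML types should never be reachable from that setting, which is the property the configuration in this CVE lacked.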
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unrestricted JS file upload in public-facing app enables web shell deployment for RCE.
NVD Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn't normally allow JavaScript uploads. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE). This vulnerability is fixed in 3.1.0.
Deeper analysis
CVE-2026-41269 affects Flowise, an open-source drag-and-drop user interface for building customized large language model (LLM) flows. In versions prior to 3.1.0, the Chatflow configuration file upload settings can be modified to permit the application/javascript MIME type, bypassing frontend restrictions on JavaScript file uploads. This flaw, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N), indicating high severity due to its potential for significant integrity impacts.
An attacker with low privileges, such as an authenticated user, can exploit this vulnerability over the network with low complexity and no user interaction required. By uploading malicious .js files disguised through the modified MIME type, the attacker can persistently store Node.js web shells on the server. This enables remote code execution (RCE), allowing control over server-side operations while achieving low confidentiality impact, high integrity compromise, and no availability disruption per the CVSS vector.
The official GitHub security advisory (GHSA-rh7v-6w34-w2rr) confirms the issue is resolved in Flowise version 3.1.0, recommending immediate upgrades to mitigate the vulnerability. No additional workarounds are specified in available details.
Flowise's focus on LLM workflow orchestration introduces AI/ML relevance, as compromised instances could manipulate or exfiltrate model configurations and data flows. No public evidence of real-world exploitation has been reported as of the CVE publication on 2026-04-23.
Details
- CWE(s)
Affected Products
AI Security Analysis
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: large language model