CVE-2026-41272
Published: 23 April 2026
Summary
CVE-2026-41272 is a high-severity SSRF (CWE-918) vulnerability in Flowiseai Flowise. Its CVSS base score is 7.1 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 13.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-20 (Secure Name/Address Resolution Service (Authoritative Source)).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly mitigates the SSRF vulnerability by requiring timely identification, testing, and installation of fixes like the patch in Flowise 3.1.0 addressing logic flaws in secureAxiosRequest and secureFetch.
Enforces information flow control policies with allow/deny lists to prevent unauthorized server-side requests, countering bypasses in the flawed security wrappers and default configurations.
Protects against DNS rebinding exploits via TOCTOU conditions by requiring authoritative or organization-configured name resolution sources.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SSRF vulnerability in public-facing Flowise web app directly enables network exploitation of the application to access internal resources, mapping to T1190.
NVD Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the core security wrappers (secureAxiosRequest and secureFetch) intended to prevent Server-Side Request Forgery (SSRF) contain multiple logic flaws. These flaws allow…
more
attackers to bypass the allow/deny lists via DNS Rebinding (Time-of-Check Time-of-Use) or by exploiting the default configuration which fails to enforce any deny list. This vulnerability is fixed in 3.1.0.
Deeper analysisAI
CVE-2026-41272 is a Server-Side Request Forgery (SSRF) vulnerability affecting Flowise, an open-source drag-and-drop user interface for building customized large language model (LLM) flows. In versions prior to 3.1.0, the core security wrappers—secureAxiosRequest and secureFetch—designed to prevent SSRF through allow/deny lists contain multiple logic flaws. These include bypasses via DNS rebinding exploiting a Time-of-Check Time-of-Use (TOCTOU) condition, as well as a default configuration that fails to enforce any deny list. The issue is classified under CWE-918 with a CVSS v3.1 base score of 7.1 (AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L).
An attacker with low privileges, such as an authenticated user, can exploit this vulnerability over the network with high attack complexity and no user interaction required. Successful exploitation allows high-impact confidentiality and integrity violations—such as unauthorized access to internal network resources or sensitive data—along with low availability impact, potentially enabling actions like reading internal services or modifying data via forged requests.
The official GitHub security advisory (GHSA-2x8m-83vc-6wv4) confirms the vulnerability is fully fixed in Flowise version 3.1.0, recommending immediate upgrades for all prior installations to mitigate the SSRF bypass risks.
Flowise's focus on LLM workflow orchestration introduces AI/ML relevance, as exploited SSRF could potentially target internal AI model endpoints or data pipelines in deployed environments. No public evidence of real-world exploitation has been reported as of the CVE publication on 2026-04-23.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: large language model