WID-SEC-W-2026-1145
Vulnerability from csaf_certbund - Published: 2026-04-15 22:00 - Updated: 2026-04-21 22:00
Summary
Flowise: Multiple vulnerabilities
Severity
High
Notes
As a provider, the BSI is responsible under general law for its own content that it makes available for use. However, users are responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description: Flowise is a user interface for building LLMs (Large Language Models).
Attack: An attacker can exploit multiple vulnerabilities in Flowise to execute arbitrary code, bypass security measures, disclose information, and manipulate files.
Affected operating systems:
- Linux
- UNIX
References
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Flowise ist eine Benutzeroberfl\u00e4che zur Erstellung von LLMs (Large Language Model).",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Flowise ausnutzen, um beliebigen Programmcode auszuf\u00fchren, um Sicherheitsvorkehrungen zu umgehen, um Informationen offenzulegen, und um Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1145 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1145.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1145 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1145"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-28g4-38q8-3cwc vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-28g4-38q8-3cwc"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-2qqc-p94c-hxwh vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2qqc-p94c-hxwh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-2x8m-83vc-6wv4 vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-2x8m-83vc-6wv4"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-3hjv-c53m-58jj vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3hjv-c53m-58jj"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-3prp-9gf7-4rxx vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3prp-9gf7-4rxx"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-48m6-ch88-55mj vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-48m6-ch88-55mj"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-4jpm-cgx2-8h37 vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-4jpm-cgx2-8h37"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-5fw2-mwhh-9947 vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-5fw2-mwhh-9947"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-6f7g-v4pp-r667 vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6f7g-v4pp-r667"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-6pcv-j4jx-m4vx vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6pcv-j4jx-m4vx"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-6r77-hqx7-7vw8 vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6r77-hqx7-7vw8"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-9hrv-gvrv-6gf2 vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-9hrv-gvrv-6gf2"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-9wc7-mj3f-74xv vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-9wc7-mj3f-74xv"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-c9gw-hvqq-f33r vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-c9gw-hvqq-f33r"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-cc4f-hjpj-g9p8 vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-cc4f-hjpj-g9p8"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-cvrr-qhgw-2mm6 vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-cvrr-qhgw-2mm6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-f228-chmx-v6j6 vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-f228-chmx-v6j6"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-f6hc-c5jr-878p vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-f6hc-c5jr-878p"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-m7mq-85xj-9x33 vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-m7mq-85xj-9x33"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-qqvm-66q4-vf5c vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-qqvm-66q4-vf5c"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-v38x-c887-992f vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-v38x-c887-992f"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-w47f-j8rh-wx87 vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-w47f-j8rh-wx87"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-w6v6-49gh-mc9w vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-w6v6-49gh-mc9w"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-x5w6-38gp-mrqh vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-x5w6-38gp-mrqh"
},
{
"category": "external",
"summary": "GitHub Security Advisory GHSA-xhmj-rg95-44hv vom 2026-04-15",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-xhmj-rg95-44hv"
}
],
"source_lang": "en-US",
"title": "Flowise: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-21T22:00:00.000+00:00",
"generator": {
"date": "2026-04-22T07:05:04.687+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-1145",
"initial_release_date": "2026-04-15T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-15T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "2",
"summary": "CVE erg\u00e4nzt"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c3.1.0",
"product": {
"name": "Open Source Flowise \u003c3.1.0",
"product_id": "T052908"
}
},
{
"category": "product_version",
"name": "3.1.0",
"product": {
"name": "Open Source Flowise 3.1.0",
"product_id": "T052908-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:flowiseai:flowise:3.1.0"
}
}
}
],
"category": "product_name",
"name": "Flowise"
}
],
"category": "vendor",
"name": "Open Source"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-41264",
"product_status": {
"known_affected": [
"T052908"
]
},
"release_date": "2026-04-15T22:00:00.000+00:00",
"title": "CVE-2026-41264"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.