Flowise

Flowise versions before 2.1.4 are critically vulnerable to configuration injection (CVE-2024-58351) via the `overrideConfig` option in both its frontend web integration and backend Prediction API, which, due to a bypassable `vm2` sandbox, allows attackers to achieve remote code execution, sandbox escape, denial of service, server-side request forgery, prompt injection, and server variable/data exfiltration.

A mass assignment vulnerability exists in FlowiseAI's chatflow update endpoint (CVE-2026-42863), allowing authenticated users to modify server-controlled properties like `deployed`, `isPublic`, and `workspaceId` due to missing server-side validation, leading to cross-workspace resource reassignment and unauthorized modification of deployment and visibility settings.

Multiple vulnerabilities in Flowise allow an attacker to execute arbitrary code, bypass security measures, disclose information, and manipulate files.