Product
A Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components, allowing unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems by injecting malicious prompt templates.