CVE-2024-31621

HIGH NUCLEI

Flowise <1.6.2 - RCE

Title source: llm

Description

An issue in FlowiseAI Inc Flowise v.1.6.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the api/v1 component.

Exploits (1)

exploitdb WORKING POC
by Maerifat Majeed · textwebappstypescript
https://www.exploit-db.com/exploits/52001

Nuclei Templates (1)

Flowise 1.6.5 - Authentication Bypass
HIGHVERIFIEDby DhiyaneshDK
Shodan: http.favicon.hash:-2051052918

References (2)

Scores

CVSS v3 7.6
EPSS 0.8251
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Details

CWE
CWE-94
Status published
Products (2)
flowiseai/flowise < 1.6.5
npm/flowise 0 - 1.8.1npm
Published Apr 29, 2024
Tracked Since Feb 18, 2026