CVE-2026-30821
Status: Received - Intake
Unrestricted File Upload in Flowise Enables Critical Remote Code Execution

Publication date: 2026-03-07

Last updated on: 2026-03-11

Assigner: GitHub, Inc.

Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /api/v1/attachments/:chatflowId/:chatId endpoint is listed in WHITELIST_URLS, allowing unauthenticated access to the file upload API. While the server validates uploads based on the MIME types defined in chatbotConfig.fullFileUpload.allowedUploadFileTypes, it implicitly trusts the client-provided Content-Type header (file.mimetype) without verifying the file's actual content (magic bytes) or extension (file.originalname). Consequently, an attacker can bypass this restriction by spoofing the Content-Type as a permitted type (e.g., application/pdf) while uploading malicious scripts or arbitrary files. Once uploaded via addArrayFilesToStorage, these files persist in backend storage (S3, GCS, or local disk). This vulnerability serves as a critical entry point that, when chained with other features like static hosting or file retrieval, can lead to Stored XSS, malicious file hosting, or Remote Code Execution (RCE). This issue has been patched in version 3.0.13.
Meta Information
Published: 2026-03-07
Last Modified: 2026-03-11
Generated: 2026-05-07
AI Q&A: 2026-03-07
EPSS Evaluated: 2026-05-05
NVD
EUVD
Affected Vendors & Products
Vendor: flowiseai
Product: flowise
Version / Range: up to 3.0.13 (excluding)
CWE
CWE-434: The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-30821 is a critical vulnerability in Flowise, a drag & drop user interface for building customized large language model flows. The issue exists in the unauthenticated file upload endpoint /api/v1/attachments/:chatflowId/:chatId, which is whitelisted to bypass authentication.

The server attempts to validate uploaded files based on MIME types provided by the client in the Content-Type header, but it does not verify the actual file content or file extension. This allows an attacker to spoof the MIME type (for example, pretending a malicious script is a PDF) and upload arbitrary files.

Uploaded files are stored persistently in backend storage such as local disk, Amazon S3, or Google Cloud Storage without proper validation. This flaw can be exploited to upload malicious scripts or files that can lead to remote code execution, stored cross-site scripting (XSS), or malicious file hosting.


How can this vulnerability impact me?

This vulnerability can have severe impacts including:

  • Remote Code Execution (RCE): Attackers can upload malicious scripts or web shells that execute on the server, potentially leading to full system compromise.
  • Stored Cross-Site Scripting (XSS): Malicious HTML or SVG files can be uploaded and later executed in users' browsers, risking session theft or account takeover.
  • Malicious File Hosting: Attackers can host arbitrary malicious files on shared backend storage or static hosting features, potentially affecting other users or infrastructure. [2]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring and inspecting uploads to the unauthenticated endpoint /api/v1/attachments/:chatflowId/:chatId for suspicious files that have spoofed MIME types. Since the server trusts the client-provided Content-Type header without verifying the actual file content or extension, detection involves checking for files where the MIME type does not match the file's magic bytes or extension.

Commands to detect this may include:

  • Using network traffic inspection tools (e.g., tcpdump, Wireshark) to capture HTTP POST requests to the vulnerable endpoint and analyze the Content-Type headers and file payloads.
  • On the server, listing recently uploaded files and verifying their actual file types using the 'file' command (which checks magic bytes), for example: file <uploaded_filename>
  • Searching for suspicious file extensions or files that do not match their MIME type, e.g., using find and file commands: find /path/to/uploads -type f -exec file {} \; | grep -v 'expected_mime_type'
  • Checking server logs for unauthenticated POST requests to the /api/v1/attachments endpoint. [2]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include:

  • Upgrade Flowise to version 3.0.13 or later, where the vulnerability has been patched by adding proper MIME type and file extension validation for uploads.
  • Restrict or disable unauthenticated access to the /api/v1/attachments/:chatflowId/:chatId endpoint to prevent arbitrary file uploads.
  • Implement server-side validation that verifies the actual content of uploaded files (magic bytes) and enforces allowed file extensions, rather than trusting client-supplied MIME types.
  • Review and clean existing uploaded files for any suspicious or malicious content.
  • Monitor logs for unusual upload activity and consider adding additional authentication or rate limiting to file upload endpoints.
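The following is an added example, not Flowise's own code, showing the weak check the advisory describes (trusting file.mimetype) beside a hardened check that also requires a matching extension and magic bytes; it assumes a multer-style file object (originalname, mimetype, buffer), an allowed-type list in the shape of chatbotConfig.fullFileUpload.allowedUploadFileTypes, and a constructed signature table. The suspiciousUploads helper applies the same comparison to existing files, which is the review step above and the MIME-versus-magic-bytes mismatch the detection answer looks for.

```javascript
// Constructed magic-byte signatures for the types this example allows.
const SIGNATURES = {
  'application/pdf': { magic: [0x25, 0x50, 0x44, 0x46], ext: ['.pdf'] }, // "%PDF"
  'image/png':       { magic: [0x89, 0x50, 0x4e, 0x47], ext: ['.png'] }, // "\x89PNG"
  'image/jpeg':      { magic: [0xff, 0xd8, 0xff],       ext: ['.jpg', '.jpeg'] },
};

// Weak check (the pre-3.0.13 pattern): accepts whatever the client declared
// in Content-Type, so a spoofed header passes.
function isAllowedWeak(file, allowedTypes) {
  return allowedTypes.includes(file.mimetype);
}

// Lower-cased extension of a filename, '' when there is none.
function extOf(name) {
  const i = name.lastIndexOf('.');
  return i < 0 ? '' : name.slice(i).toLowerCase();
}

// True when the leading bytes of buf equal the expected signature.
function hasMagic(buf, magic) {
  if (buf.length < magic.length) return false;
  return magic.every((b, i) => buf[i] === b);
}

// Hardened check: declared type must be allowed and known, the extension must
// belong to that type, and the content must start with that type's magic bytes.
function isAllowedStrict(file, allowedTypes) {
  const sig = SIGNATURES[file.mimetype];
  if (!sig || !allowedTypes.includes(file.mimetype)) return false;
  if (!sig.ext.includes(extOf(file.originalname))) return false;
  return hasMagic(file.buffer, sig.magic);
}

// Review helper for existing storage: names of files the weak check accepted
// but the strict check rejects, i.e. declared type and content disagree.
function suspiciousUploads(files, allowedTypes) {
  return files
    .filter((f) => isAllowedWeak(f, allowedTypes) && !isAllowedStrict(f, allowedTypes))
    .map((f) => f.originalname);
}

// Constructed samples: an HTML body sent with a spoofed PDF Content-Type,
// and a genuine PDF header.
const spoofed = { originalname: 'invoice.pdf', mimetype: 'application/pdf',
                  buffer: Buffer.from('<html><body>not a pdf</body></html>') };
const genuine = { originalname: 'report.pdf', mimetype: 'application/pdf',
                  buffer: Buffer.from('%PDF-1.4\n% constructed sample\n') };
const allowed = ['application/pdf'];
```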
