Executive Summary

CVE-2026-43995 is a Server-Side Request Forgery (SSRF) protection bypass vulnerability in FlowiseAI's Flowise software, affecting versions up to 3.0.13 of the npm packages `flowise` and `flowise-components`.

The vulnerability exists because multiple tool implementations directly import and use raw HTTP clients like `node-fetch` or `axios` instead of using the centralized secured HTTP wrapper (`httpSecurity.ts`) that enforces SSRF protections such as deny-list validation, IP resolution checks, and loopback blocking.

This architectural enforcement failure allows attackers to bypass SSRF protections entirely by tricking the system into making unauthorized requests to internal network resources, including sensitive endpoints like cloud metadata services.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have critical impacts because it allows attackers to perform SSRF attacks that access internal network resources that should be protected.

• Attackers can access sensitive internal endpoints such as cloud metadata services, potentially leading to credential theft.
• It invalidates the security assumptions of recent patches, meaning that even patched versions remain vulnerable if the affected tools are enabled.
• This can lead to unauthorized access, data exposure, and compromise of internal systems.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by identifying whether the affected Flowise tools are directly importing and using raw HTTP clients such as node-fetch or axios instead of the centralized secured HTTP wrapper (secureFetch).

On the system or network, detection involves checking for usage of these raw HTTP clients in the codebase or monitoring network traffic for suspicious SSRF attempts targeting internal resources like cloud metadata endpoints (e.g., http://169.254.169.254/latest/meta-data/iam/security-credentials/).

• Search the codebase for direct imports of node-fetch or axios in the relevant tool files (OpenAPIToolkit.ts, WebScraperTool.ts, MCP/core.ts, Arxiv/core.ts). For example, use commands like:
• grep -r "node-fetch" ./path_to_flowise_tools/
• grep -r "axios" ./path_to_flowise_tools/
• Monitor network logs or use packet capture tools (e.g., tcpdump, Wireshark) to detect outgoing HTTP requests to internal IP addresses such as 169.254.169.254 which indicate SSRF exploitation attempts.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include refactoring the affected tools to use the centralized secureFetch() HTTP wrapper instead of directly importing raw HTTP clients like node-fetch or axios.

Additionally, implement ESLint rules to prohibit direct usage of node-fetch or axios in the codebase to enforce this practice.

As a defense-in-depth measure, apply network-level egress filtering to block unauthorized outbound requests to internal network resources such as cloud metadata endpoints.

Finally, upgrade Flowise to version 3.1.0 or later where this vulnerability is fixed.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows attackers to bypass SSRF protections and access internal network resources, including sensitive endpoints such as cloud metadata services that may contain security credentials.

Such unauthorized access and potential credential theft can lead to data breaches or unauthorized data exposure, which may violate data protection regulations like GDPR and HIPAA that require strict controls over personal and sensitive information.

Therefore, the vulnerability undermines the security assumptions of deployed systems and could result in non-compliance with these common standards and regulations due to inadequate protection of sensitive data and failure to prevent unauthorized access.

Useful 0 Not Useful 0