CVE-2026-30821: CWE-434: Unrestricted Upload of File with Dangerous Type in FlowiseAI Flowise
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.0.13, the /api/v1/attachments/:chatflowId/:chatId endpoint is listed in WHITELIST_URLS, allowing unauthenticated access to the file upload API. While the server validates uploads based on the MIME types defined in chatbotConfig.fullFileUpload.allowedUploadFileTypes, it implicitly trusts the client-provided Content-Type header (file.mimetype) without verifying the file's actual content (magic bytes) or extension (file.originalname). Consequently, an attacker can bypass this restriction by spoofing the Content-Type as a permitted type (e.g., application/pdf) while uploading malicious scripts or arbitrary files. Once uploaded via addArrayFilesToStorage, these files persist in backend storage (S3, GCS, or local disk). This vulnerability serves as a critical entry point that, when chained with other features like static hosting or file retrieval, can lead to Stored XSS, malicious file hosting, or Remote Code Execution (RCE). This issue has been patched in version 3.0.13.
AI Analysis
Technical Summary
FlowiseAI's Flowise product, a drag-and-drop interface for building customized large language model flows, contains a critical vulnerability identified as CVE-2026-30821 (CWE-434) affecting versions prior to 3.0.13. The vulnerability arises from the /api/v1/attachments/:chatflowId/:chatId endpoint, which is included in a whitelist allowing unauthenticated access to file uploads. The server-side validation relies solely on the MIME types listed in chatbotConfig.fullFileUpload.allowedUploadFileTypes and trusts the Content-Type header sent by the client without verifying the actual file content (magic bytes) or file extension. This design flaw enables attackers to bypass restrictions by spoofing the Content-Type header to an allowed type such as application/pdf while uploading malicious files like scripts or executables. These files are then stored persistently in backend storage systems, including Amazon S3, Google Cloud Storage, or local disk. The vulnerability becomes particularly dangerous when combined with other Flowise features such as static hosting or file retrieval mechanisms, which can be exploited to execute Stored XSS attacks, host malicious files for distribution, or achieve Remote Code Execution (RCE) on the server. The vulnerability has a CVSS 4.0 base score of 8.2, reflecting its high severity. Exploitation does not require authentication or user interaction but has a high attack complexity since chaining with other features is necessary to realize full impact. The issue was patched in Flowise version 3.0.13, and users are strongly advised to upgrade to mitigate the risk.
Potential Impact
The impact of CVE-2026-30821 is significant for organizations using vulnerable versions of Flowise, especially those exposing the file upload API to untrusted or public networks. Successful exploitation can lead to persistent storage of malicious files, enabling attackers to conduct Stored XSS attacks that compromise user sessions and data confidentiality. Malicious file hosting can facilitate distribution of malware or phishing content, damaging organizational reputation and potentially leading to regulatory penalties. The most severe impact is the potential for Remote Code Execution (RCE), which could allow attackers to execute arbitrary code on the server, leading to full system compromise, data theft, lateral movement within networks, and disruption of services. Since the vulnerability requires no authentication and no user interaction, it poses a high risk of automated exploitation if the vulnerable endpoint is accessible. Organizations relying on Flowise for AI workflow management may face operational disruptions, data breaches, and compliance violations if this vulnerability is exploited.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately upgrade Flowise to version 3.0.13 or later, where the issue is patched. Beyond upgrading, administrators should implement strict server-side validation of uploaded files by verifying the actual file content using magic byte inspection and validating file extensions against allowed lists rather than relying solely on client-provided MIME types. Restrict access to the file upload API endpoint by enforcing authentication and authorization controls, limiting uploads to trusted users only. Employ network-level protections such as web application firewalls (WAFs) to detect and block suspicious upload attempts. Disable or tightly control features like static hosting or direct file retrieval that could be abused to serve malicious content. Regularly audit and monitor uploaded files stored in backend storage for unusual or unauthorized content. Implement logging and alerting on file upload activities to detect potential exploitation attempts early. Finally, conduct security awareness training for developers and administrators on secure file handling practices.
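The root cause described above is that the upload check trusts `file.mimetype`, and the mitigation asks for content (magic byte) and extension checks instead. The following is an added example, not Flowise's own code: a validator that accepts a file only when the declared type, the sniffed magic bytes and the extension all agree and the type is on the allowlist. `SIGNATURES`, `sniffMime`, `validateUpload` and the sample uploads are assumptions for illustration; the `file` shape mirrors the `originalname`/`mimetype` fields the advisory names.

```javascript
// Added example (not Flowise code): accept an upload only when the declared
// type (file.mimetype), the file's magic bytes and its extension
// (file.originalname) all agree and the type is on the allowlist.
// SIGNATURES, sniffMime and validateUpload are names assumed for this example.

// Well-known leading bytes for binary types an upload allowlist commonly permits.
const SIGNATURES = [
  { mime: 'application/pdf', ext: ['pdf'], magic: [0x25, 0x50, 0x44, 0x46, 0x2d] }, // %PDF-
  { mime: 'image/png', ext: ['png'], magic: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },
  { mime: 'image/jpeg', ext: ['jpg', 'jpeg'], magic: [0xff, 0xd8, 0xff] },
  { mime: 'image/gif', ext: ['gif'], magic: [0x47, 0x49, 0x46, 0x38] }, // GIF8
];

// Identify content by its magic bytes; returns undefined when nothing matches.
function sniffMime(bytes) {
  const hit = SIGNATURES.find((s) => s.magic.every((b, i) => bytes[i] === b));
  return hit ? hit.mime : undefined;
}

function extensionOf(name) {
  const m = /\.([a-z0-9]+)$/i.exec(name);
  return m ? m[1].toLowerCase() : '';
}

// file: { originalname, mimetype, buffer } as delivered by a multipart parser.
// allowed: the configured MIME allowlist (allowedUploadFileTypes in Flowise).
// Returns null when acceptable, otherwise the reason for rejection. Types with
// no known signature (e.g. text/plain) fail closed until a check is added.
function validateUpload(file, allowed) {
  const declared = file.mimetype.split(';')[0].trim().toLowerCase();
  if (!allowed.includes(declared)) return 'declared type not in allowlist';
  const sig = SIGNATURES.find((s) => s.mime === declared);
  if (!sig) return 'no content signature known for declared type';
  const sniffed = sniffMime(file.buffer);
  if (sniffed !== declared) return `content is ${sniffed || 'unrecognised'}, not ${declared}`;
  if (!sig.ext.includes(extensionOf(file.originalname))) return 'extension does not match content';
  return null;
}

// Constructed sample uploads: a genuine PDF header, and HTML declared as PDF
// (the spoof the advisory describes). A mimetype-only check accepts both.
const asciiBytes = (s) => new TextEncoder().encode(s);
const GENUINE_PDF = { originalname: 'report.pdf', mimetype: 'application/pdf', buffer: asciiBytes('%PDF-1.7\n') };
const SPOOFED_PDF = { originalname: 'report.pdf', mimetype: 'application/pdf', buffer: asciiBytes('<html><body>not a pdf</body></html>') };
const ALLOWED = ['application/pdf', 'image/png'];
```

Run `validateUpload(SPOOFED_PDF, ALLOWED)` to see the spoofed upload rejected on content while `GENUINE_PDF` passes; a Content-Type parameter such as `; charset=utf-8` is stripped before the allowlist comparison.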
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, Japan, South Korea, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-05T21:06:44.605Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69abb493c48b3f10ff564c12
Added to database: 3/7/2026, 5:16:03 AM
Last enriched: 3/7/2026, 5:30:34 AM
Last updated: 3/8/2026, 4:15:17 AM