Flowise before version 3.0.6 contains an arbitrary file read vulnerability in the chatId parameter of the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints. The vulnerability arises because the chatId value is not validated and is passed to the streamStorageFile() function, where a fallback file-lookup path is constructed without including the orgId. This fallback path is evaluated after a storage-directory containment check, which can be bypassed, allowing path traversal outside the intended storage directory. As a result, unauthenticated attackers can access sensitive files such as /root/.flowise/database.sqlite, exposing all database content under default configurations.

An unauthenticated attacker can exploit this vulnerability to read arbitrary files on the server hosting Flowise, including sensitive files like the database file containing all stored data. This exposure can lead to significant data leakage and compromise of confidential information.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since the vulnerability affects versions before 3.0.6, upgrading to version 3.0.6 or later is implied as a remediation step. Until an official fix is confirmed, restrict access to the affected endpoints and monitor for suspicious activity.