Flowise before version 3.0.6 (specifically version 2.2.8 and earlier) is affected by an arbitrary file access vulnerability (CWE-73) caused by insufficient validation of the chatflowId and chatId parameters in file handling operations. Attackers can supply path-traversal strings (e.g., '../../../../../tmp') to the /api/v1/chatflows endpoint to write arbitrary files using the addBase64FilesToStorage function, and can read arbitrary files via the /api/v1/get-upload-file and /api/v1/openai-assistants-file/download endpoints through the streamStorageFile function. This vulnerability allows unauthenticated attackers to perform arbitrary file read and write operations, potentially leading to remote code execution.

An unauthenticated attacker can read and write arbitrary files on the affected system by exploiting the lack of validation on input parameters. The arbitrary file write capability increases the risk of remote code execution, which could lead to full system compromise. This vulnerability is rated critical due to the ease of exploitation (no authentication required) and the high impact on confidentiality, integrity, and availability.

A fix is available in Flowise version 3.0.6 and later. Users should upgrade to version 3.0.6 or newer to remediate this vulnerability. Until patched, restrict access to the affected API endpoints and monitor for suspicious activity related to file operations. Patch status is not explicitly confirmed in the provided data, but the version 3.0.6 is indicated as the fixed version, so upgrading is the recommended remediation.