PT-2026-35302 · Npm · Flowise+1

Published: 2026-04-16 · Updated: 2026-04-16

CVSS v4.0: 6.0 (Medium)

Vector: AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Summary

An attacker supplies an intranet address through the base URL field configured in the Execute Flow node. Because this code path does not call checkDenyList / resolveAndValidate from httpSecurity.ts, those checks are bypassed and the server initiates an HTTP request to any internal network address, which allows reading cloud metadata or detecting internal network services.

Details

With an intranet address configured in the base URL field of the Execute Flow node, initiate the call:
POST /api/v1/prediction/d6739838-d3b3-43d9-86ff-911a3d757a7e HTTP/1.1
Host: 127.0.0.1:3000
Content-Type: application/json
Authorization: Bearer apikey
Content-Length: 17

{"question": "1"}
The server receives the request, and the response is echoed back.
Fix: Call secureFetch for verification
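
The kind of destination check the fix refers to can be sketched as follows. This is an added example, not Flowise's httpSecurity.ts or secureFetch; the names validateBaseUrl, isDeniedIp and Resolver are hypothetical, and the resolver is injected so the check can be exercised without live DNS.

```typescript
// Added example, hypothetical names. Assumption: Resolver returns every address a hostname resolves to.
type Resolver = (host: string) => string[];

// Parse a dotted-quad IPv4 literal into a number, or null if it is not one.
function ipv4ToInt(ip: string): number | null {
  const parts = ip.split('.');
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// Loopback, private, CGNAT and link-local (cloud metadata) IPv4 ranges.
const DENIED_V4: [string, number][] = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
];

function isDeniedIp(ip: string): boolean {
  const lower = ip.toLowerCase();
  const mapped = lower.indexOf('::ffff:') === 0; // IPv4-mapped IPv6
  const n = ipv4ToInt(mapped ? lower.slice(7) : lower);
  if (n === null) {
    // IPv6: mapped hex form (denied conservatively), ::1, ::, fc00::/7, fe80::/10.
    return mapped || lower === '::1' || lower === '::' ||
      /^f[cd][0-9a-f]{2}:/.test(lower) || /^fe[89ab][0-9a-f]:/.test(lower);
  }
  return DENIED_V4.some(([base, bits]) => {
    const size = Math.pow(2, 32 - bits);
    return Math.floor(n / size) === Math.floor((ipv4ToInt(base) as number) / size);
  });
}

function validateBaseUrl(baseUrl: string, resolve: Resolver): { allowed: boolean; reason: string } {
  let url: URL | null = null;
  try { url = new URL(baseUrl); } catch { /* url stays null */ }
  if (url === null || (url.protocol !== 'http:' && url.protocol !== 'https:')) return { allowed: false, reason: 'bad URL or scheme' };
  // The URL parser canonicalises forms such as http://2130706433/ to 127.0.0.1.
  const host = url.hostname.replace(/^\[|\]$/g, '');
  const isLiteral = ipv4ToInt(host) !== null || host.indexOf(':') !== -1;
  const addrs = isLiteral ? [host] : resolve(host);
  const bad = addrs.filter(isDeniedIp)[0]; // every resolved address must pass
  if (addrs.length === 0) return { allowed: false, reason: 'no address' };
  return bad === undefined ? { allowed: true, reason: 'ok' } : { allowed: false, reason: 'denied address ' + bad };
}
```

In a real deployment the resolver would be a DNS lookup and the outgoing connection must be made to the address that was validated, otherwise a second lookup can return a different address. Redirect targets need the same check.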

Impact

This is a Server-Side Request Forgery (SSRF) vulnerability that may lead to the following risks:
  • Exploration of internal web applications
  • Access to sensitive management interfaces
  • Leakage of internal configuration, credentials, or confidential information
This vulnerability significantly increases the risk of internal service enumeration and potential lateral movement in enterprise environments.

Fix

SSRF

Weakness Enumeration

Related identifiers

GHSA-9HRV-GVRV-6GF2

Affected products

Flowise
Flowise-Components