PT-2026-34736 · Flowise · Flowise

Published 2026-04-16 · Updated 2026-04-23 · CVE-2026-41271

CVSS v3.1: 8.3 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions

Flowise versions prior to 3.1.0

Description

A Server-Side Request Forgery (SSRF) issue exists in the POST and GET API Chain components. This allows unauthenticated attackers to force the server to make arbitrary HTTP requests to internal and external systems by injecting malicious prompt templates. This can bypass API documentation constraints and redirect requests to sensitive internal services, potentially leading to internal network reconnaissance and data exfiltration.

Recommendations

Update to version 3.1.0.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2026-41271
GHSA-6R77-HQX7-7VW8

Affected Products

Flowise