AI and LLM: Critical security gap jeopardizes the Flowise low-code platform

Attackers can compromise Flowise servers, and security researchers are already reporting attacks in the wild. An update is available.


The low-code platform Flowise, used to build AI agents and LLM applications, is vulnerable. The developers have closed the vulnerability in the current version.

If attackers successfully exploit the vulnerability (CVE-2025-26319), rated "critical", a flaw in the whitelist check of the upload function lets them overwrite files on Flowise servers, according to the report by the researchers who discovered it. Among other things, this allows them to execute their own code and gain full control over the server.

The security researchers say they reported the vulnerability to the developers in January of this year. In the meantime, the first attacks have been reported; it is currently unclear how they are carried out and how widespread they are.


In the changelog of the current Flowise version 2.2.7-patch.1, the developers state that they have closed the vulnerability. Operators of Flowise instances should update to this version.

(des)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.