CVE Reports

Originally published at cvereports.com

CVE-2026-31829: Server-Side Request Forgery in Flowise HTTP Node

Vulnerability ID: CVE-2026-31829
CVSS Score: 7.1
Published: 2026-03-11

Flowise versions prior to 3.0.13 are vulnerable to a High-severity Server-Side Request Forgery (SSRF) flaw in the HTTP Node component. Attackers with access to modify chatflows can make the server issue unauthorized requests to hosts on internal networks, cloud metadata endpoints, and local services.

TL;DR

High-severity SSRF in Flowise < 3.0.13 via unvalidated HTTP Node URLs allows internal network scanning and metadata exfiltration. Fixed in 3.0.13 via IP blocklisting.

Exploit Status: Proof of Concept (PoC)

Technical Details

  • CWE ID: CWE-918
  • Attack Vector: Network
  • CVSS Score: 7.1
  • Impact: High (Confidentiality & Integrity)
  • Exploit Status: Proof of Concept Available
  • Patch Version: 3.0.13

Affected Systems

  • Flowise AgentFlow
  • Flowise Chatflow
  • Flowise HTTP Node
  • Flowise: < 3.0.13 (Fixed in: 3.0.13)

Mitigation Strategies

  • Upgrade Flowise to version 3.0.13 or later to inherit the default SSRF protections.
  • Configure the HTTP_DENY_LIST environment variable to explicitly block access to sensitive internal infrastructure not covered by the default policy.
  • Implement network segmentation by placing the Flowise application within a restrictive DMZ.
  • Enforce IMDSv2 on AWS EC2 instances to prevent metadata extraction via simple GET requests.

Remediation Steps

  1. Identify all deployed instances of Flowise within the organization.
  2. Execute the update command: pnpm update flowise@3.0.13 or pull the latest Docker image.
  3. Review the .env configuration file and define any exceptions for internal services, or add entries to HTTP_DENY_LIST for internal infrastructure not covered by the default policy.
  4. Test existing workflows to ensure legitimate internal API calls are not inadvertently blocked by the new security policy.
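To make the mitigation concrete, the following is an added example (not Flowise's own code) of the kind of outbound-URL policy an HTTP node should apply before sending a request: a default blocklist of loopback, RFC 1918, link-local (which covers the 169.254.169.254 cloud metadata address), CGNAT and IPv4-mapped IPv6 ranges, extended by operator-supplied entries from HTTP_DENY_LIST. The env var's format (comma-separated hostnames and IPv4 CIDRs), the function names and the sample deny list are assumptions made for this illustration, not Flowise's actual configuration syntax.

```javascript
// Added example, not Flowise's own implementation. Assumed: HTTP_DENY_LIST is
// a comma-separated list of hostnames and IPv4 CIDRs.

// Default blocked IPv4 ranges: loopback, RFC 1918, link-local (incl. the
// 169.254.169.254 metadata endpoint), CGNAT, "this network".
const DEFAULT_DENY_V4 = [
  '127.0.0.0/8', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16',
  '169.254.0.0/16', '100.64.0.0/10', '0.0.0.0/8',
];

const V4_RE = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

function isIPv4(s) {
  const m = V4_RE.exec(s);
  return !!m && m.slice(1).every(o => Number(o) <= 255);
}

function ipv4ToInt(ip) {
  return ip.split('.').reduce((acc, o) => (acc << 8) + Number(o), 0) >>> 0;
}

// True if dotted-quad `ip` lies inside `cidr` ("a.b.c.d/bits"; a bare IP is /32).
function inCidr4(ip, cidr) {
  const [base, bitsStr] = cidr.split('/');
  const bits = bitsStr === undefined ? 32 : Number(bitsStr);
  if (bits === 0) return true;
  const mask = (0xFFFFFFFF << (32 - bits)) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

// Expand an IPv6 literal into 8 numeric hextets; null if malformed.
// Handles "::" compression and a dotted IPv4 tail (::ffff:127.0.0.1).
function expandIPv6(ip) {
  let s = ip.toLowerCase();
  const tail4 = /(\d+\.\d+\.\d+\.\d+)$/.exec(s);
  if (tail4) {
    if (!isIPv4(tail4[1])) return null;
    const n = ipv4ToInt(tail4[1]);
    s = s.slice(0, -tail4[1].length) + (n >>> 16).toString(16) + ':' + (n & 0xffff).toString(16);
  }
  const halves = s.split('::');
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(':') : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(':') : [];
  const fill = halves.length === 2 ? 8 - head.length - tail.length : 0;
  if (fill < 0 || head.length + tail.length + fill !== 8) return null;
  const parts = [...head, ...Array(fill).fill('0'), ...tail];
  if (!parts.every(h => /^[0-9a-f]{1,4}$/.test(h))) return null;
  return parts.map(h => parseInt(h, 16));
}

// Decide whether a literal IP falls in a blocked range. `extraCidrs` come from
// HTTP_DENY_LIST. Anything unparseable is refused rather than let through.
function isBlockedIp(ip, extraCidrs = []) {
  if (isIPv4(ip)) {
    return [...DEFAULT_DENY_V4, ...extraCidrs].some(c => inCidr4(ip, c));
  }
  const h = expandIPv6(ip);
  if (!h) return true;
  // IPv4-mapped (::ffff:a.b.c.d): apply the IPv4 rules to the embedded address.
  if (h.slice(0, 5).every(x => x === 0) && h[5] === 0xffff) {
    const v4 = `${h[6] >> 8}.${h[6] & 0xff}.${h[7] >> 8}.${h[7] & 0xff}`;
    return isBlockedIp(v4, extraCidrs);
  }
  const loopback = h.slice(0, 7).every(x => x === 0) && h[7] === 1; // ::1
  const uniqueLocal = (h[0] & 0xfe00) === 0xfc00;                    // fc00::/7
  const linkLocal = (h[0] & 0xffc0) === 0xfe80;                      // fe80::/10
  return loopback || uniqueLocal || linkLocal;
}

// Parse the (assumed) HTTP_DENY_LIST format into hostnames and IPv4 CIDRs.
function parseDenyList(raw) {
  const entries = (raw || '').split(',').map(e => e.trim().toLowerCase()).filter(Boolean);
  return {
    cidrs: entries.filter(e => isIPv4(e.split('/')[0])),
    names: entries.filter(e => !isIPv4(e.split('/')[0])),
  };
}

// Policy decision for one outbound request. Only http(s) is allowed; the host
// is checked as a literal IP or against deny-listed names. Names that are not
// literal IPs still need to be resolved and re-checked by the caller.
function checkOutboundUrl(rawUrl, denyListRaw = process.env.HTTP_DENY_LIST) {
  let url;
  try { url = new URL(rawUrl); } catch { return { allowed: false, reason: 'unparseable URL' }; }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { allowed: false, reason: `scheme ${url.protocol} not allowed` };
  }
  // WHATWG parsing already normalises forms such as 2130706433 or 0x7f000001
  // to dotted-quad; IPv6 literals arrive bracketed, so strip the brackets.
  const host = url.hostname.replace(/^\[|\]$/g, '').toLowerCase();
  const { cidrs, names } = parseDenyList(denyListRaw);
  if (host === 'localhost' || host.endsWith('.localhost') || names.includes(host)) {
    return { allowed: false, reason: `host ${host} is deny-listed` };
  }
  if ((isIPv4(host) || host.includes(':')) && isBlockedIp(host, cidrs)) {
    return { allowed: false, reason: `address ${host} is in a blocked range` };
  }
  return { allowed: true, reason: 'ok' };
}
```

Two caveats a practitioner would want before relying on a check like this: it only judges literal addresses, so for a DNS name the resolved addresses must be run through `isBlockedIp` as well, and the connection should be pinned to the address that was checked (otherwise a rebinding answer between check and connect defeats it); and the same policy has to be re-applied on every redirect hop, not just the first URL. Tuning the deny list against legitimate internal integrations is exactly what step 4 above is for.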

