CVE-2026-12821 | FlowiseAI Flowise up to 3.1.2 S3 Document Loader S3.ts path traversal

A vulnerability classified as critical was found in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal.

This vulnerability is registered as CVE-2026-12821. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-12821 | FlowiseAI Flowise up to 3.1.2 S3 Document Loader S3.ts path traversal

Post correlati

CVE-2025-5287 | Likes and Dislikes Plugin Plugin up to 1.0.0 on WordPress post sql injection

CVE-2026-4966 | itsourcecode Free Hotel Reservation System 1.0 index.php?view=edit ID sql injection

CVE-2024-6193 | itsourcecode Vehicle Management System 1.0 driverprofile.php driverid sql injection

CVE-2025-25899 | TP-LINK TL-WR841ND Packet WanDynamicIpV6CfgRpm.htm gw denial of service