CVE-2026-43995 | FlowiseAI Flowise up to 3.0.12 API Document Loader APILoader.ts axios.get pageContent server-side request forgery

A vulnerability was found in FlowiseAI Flowise up to 3.0.12. It has been declared as critical. This vulnerability affects the function axios.get of the file packages/components/nodes/documentloaders/API/APILoader.ts of the component API Document Loader Component. Executing a manipulation of the argument pageContent can lead to server-side request forgery.

This vulnerability is handled as CVE-2026-43995. The attack can be executed remotely. Additionally, an exploit exists.

It is recommended to upgrade the affected component.

CVE-2026-43995 | FlowiseAI Flowise up to 3.0.12 API Document Loader APILoader.ts axios.get pageContent server-side request forgery

Post correlati

CVE-2023-42133 | PAX POS Terminal prior 11.1.61_20240226 on Android default permission

CVE-2025-12765 | pgAdmin 4 up to 9.9 TLS Certificate certificate validation (Issue 9324)

CVE-2024-28828 | Checkmk up to 2.0.0p39/2.1.0p44/2.2.0p28/2.3.0p7 cross-site request forgery

CVE-2025-25513 | SeaCMS up to 13.3 admin_members.php sql injection