CVE-2026-43995 | FlowiseAI Flowise up to 3.0.12 OpenAPI Toolkit OpenAPIToolkit.ts loadOpenApiSpec server-side request forgery

Inserito da Angelo Barbosa | Mag 6, 2026 | CVE

A vulnerability categorized as critical has been discovered in FlowiseAI Flowise up to 3.0.12. Impacted is the function loadOpenApiSpec of the file packages/components/nodes/tools/OpenAPIToolkit/OpenAPIToolkit.ts of the component OpenAPI Toolkit. The manipulation results in server-side request forgery.

This vulnerability was named CVE-2026-43995. The attack may be performed from remote. In addition, an exploit is available.

It is advisable to upgrade the affected component.

CVE-2026-43995 | FlowiseAI Flowise up to 3.0.12 OpenAPI Toolkit OpenAPIToolkit.ts loadOpenApiSpec server-side request forgery

Post correlati

CVE-2024-7733 | FastCMS up to 0.1.5 New Article Category Page cross site scripting

CVE-2023-6640 | silabs.com PC Controller up to 5.54.0 S2 Nonce Get Command Class Packet unusual condition

CVE-2026-4092 | Google Clasp up to 3.1.x Filenames path traversal

CVE-2021-4459 | SMA Boy prior 3.10.27.R path traversal (VDE-2025-066)