CVE-2025-71332
Flowise Análisis y mitigación de vulnerabilidades

Vista general

CVE-2025-71332 is a SQL injection vulnerability in the importChatflows API of FlowiseAI Flowise, affecting all versions through 2.2.7. Due to insufficient validation of the chatflow.id field in imported JSON files, an authenticated user can inject arbitrary SQL into an unsanitized IN clause, enabling blind and error-based extraction of data from the credential table. The vulnerability was published on June 24, 2026, and was assigned by VulnCheck. It carries a CVSS v3.1 base score of 8.8 (High) and a CVSS v4.0 base score of 8.5 (High) (GitHub Advisory, VulnCheck).

Técnicas

The root cause is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), specifically in packages/server/src/services/chatflows/index.ts. The importChatflows function constructs a SQL IN clause by directly concatenating user-supplied chatflow.id values without sanitization or parameterization: ids += '${newChatflow.id}', which is then passed to WHERE cf.id IN ${ids}. An attacker can inject a payload such as aaaaaa') and if ((<subquery>)<N, 0, 9e300 * 9e300); -- to trigger error-based (arithmetic overflow) SQL injection, enabling character-by-character extraction of data. The same pattern also affects importTools and importVariables APIs (GitHub Advisory).

Impacto

Successful exploitation allows an authenticated attacker to execute arbitrary SQL queries against the Flowise database, enabling full extraction of sensitive data from the credential table — including credentialName and encryptedData fields (e.g., OpenAI API keys stored as encrypted blobs). Beyond data exfiltration, the attacker can modify or delete database records, potentially disrupting service availability. The credential exposure also creates a risk of lateral movement if extracted API keys or secrets are reused across other services (GitHub Advisory).

Pasos de explotación

  1. Obtain credentials: Acquire valid Flowise credentials (low-privilege authenticated user account or API key) for the target instance.
  2. Identify target endpoint: Confirm the target is running Flowise ≤ 2.2.7 and that the /api/v1/chatflows/importchatflows endpoint is accessible.
  3. Inject a normal record: POST a benign JSON payload to establish a known data_id (e.g., aaaaaa) in the database, which will serve as the anchor for subsequent injections.
  4. Determine column length: Send crafted payloads with the injection pattern aaaaaa') and if (((SELECT length(encryptedData) FROM credential limit 0,1))<N, 0, 9e300 * 9e300); -- as the id field, using binary search over N to determine the length of the target column via arithmetic overflow errors (DOUBLE value is out of range).
  5. Extract data character by character: For each character position, inject aaaaaa') and if (((SELECT ascii(substr(encryptedData,I,1)) FROM credential limit 0,1))<C, 0, 9e300 * 9e300); -- and use binary search over ASCII values to reconstruct each character based on whether the overflow error is triggered.
  6. Collect credentials: Repeat for credentialName and encryptedData columns to fully extract stored API keys and secrets from the credential table (GitHub Advisory).

Indicadores de compromiso

  • Network: Repeated POST requests to /api/v1/chatflows/importchatflows from the same authenticated user in rapid succession, especially with unusual or non-UUID id field values in the JSON body.
  • Logs: Application or database logs showing SQL errors such as DOUBLE value is out of range or arithmetic overflow exceptions correlated with import API calls; high volume of near-identical import requests differing only in the id field value.
  • File System: Unexpected or malformed AllChatflows.json files with non-UUID id values (e.g., containing SQL syntax characters like ', ), --, SELECT, FROM) in upload or temp directories.
  • Database: Presence of spurious chatflow records with non-UUID IDs (e.g., aaaaaa) in the ChatFlow table, which may indicate the attacker's anchor record used during injection (GitHub Advisory).

Mitigación y soluciones alternativas

No patched version has been officially released as of the advisory publication — the advisory lists "None" for patched versions, and all Flowise versions ≤ 2.2.7 are affected. The recommended remediation is to restrict all chatflow.id and chat.id values to UUID format using strict input validation, and to replace string concatenation with parameterized queries in the importChatflows, importTools, and importVariables APIs. As interim workarounds: restrict access to the importChatflows endpoint to trusted administrators only, monitor for anomalous import activity and SQL error patterns, and avoid exposing Flowise instances to untrusted networks (GitHub Advisory, VulnCheck).

Reacciones de la comunidad

The vulnerability was reported by security researcher Tribal1012 and published via the GitHub Security Advisory program. VulnCheck independently documented the issue and assigned the CVE. No significant broader media coverage or notable public researcher commentary beyond the advisory itself has been identified at this time (GitHub Advisory, VulnCheck).

Recursos adicionales


FuenteEste informe se generó utilizando IA

Relacionado Flowise Vulnerabilidades:

CVE ID

Severidad

Puntuación

Tecnologías

Nombre del componente

Exploit de CISA KEV

Tiene arreglo

Fecha de publicación

CVE-2026-56278CRITICAL9.3
  • Flowise logoFlowise
  • flowise
NoJun 30, 2026
CVE-2026-56270HIGH8.7
  • Flowise logoFlowise
  • flowise
NoJun 24, 2026
CVE-2025-71332HIGH8.5
  • Flowise logoFlowise
  • flowise
NoNoJun 24, 2026
CVE-2026-56272MEDIUM5.6
  • Flowise logoFlowise
  • flowise
NoJun 24, 2026
CVE-2026-56269MEDIUM4.3
  • Flowise logoFlowise
  • flowise
NoJun 24, 2026

Evaluación gratuita de vulnerabilidades

Compare su postura de seguridad en la nube

Evalúe sus prácticas de seguridad en la nube en 9 dominios de seguridad para comparar su nivel de riesgo e identificar brechas en sus defensas.

Solicitar evaluación

Recursos adicionales de Wiz

Obtén una demostración personalizada

¿Listo para ver a Wiz en acción?

"La mejor experiencia de usuario que he visto en mi vida, proporciona una visibilidad completa de las cargas de trabajo en la nube."
David EstlickCISO
"Wiz proporciona un panel único para ver lo que ocurre en nuestros entornos en la nube."
Adam FletcherJefe de Seguridad
"Sabemos que si Wiz identifica algo como crítico, en realidad lo es."
Greg PoniatowskiJefe de Gestión de Amenazas y Vulnerabilidades