CVE-2025-71332
Flowise Analyse et atténuation des vulnérabilités

Aperçu

CVE-2025-71332 is a SQL injection vulnerability in the importChatflows API of FlowiseAI Flowise, affecting all versions through 2.2.7. Due to insufficient validation of the chatflow.id field in imported JSON files, an authenticated user can inject arbitrary SQL into an unsanitized IN clause, enabling blind and error-based extraction of data from the credential table. The vulnerability was published on June 24, 2026, and was assigned by VulnCheck. It carries a CVSS v3.1 base score of 8.8 (High) and a CVSS v4.0 base score of 8.5 (High) (GitHub Advisory, VulnCheck).

Détails techniques

The root cause is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), specifically in packages/server/src/services/chatflows/index.ts. The importChatflows function constructs a SQL IN clause by directly concatenating user-supplied chatflow.id values without sanitization or parameterization: ids += '${newChatflow.id}', which is then passed to WHERE cf.id IN ${ids}. An attacker can inject a payload such as aaaaaa') and if ((<subquery>)<N, 0, 9e300 * 9e300); -- to trigger error-based (arithmetic overflow) SQL injection, enabling character-by-character extraction of data. The same pattern also affects importTools and importVariables APIs (GitHub Advisory).

Impact

Successful exploitation allows an authenticated attacker to execute arbitrary SQL queries against the Flowise database, enabling full extraction of sensitive data from the credential table — including credentialName and encryptedData fields (e.g., OpenAI API keys stored as encrypted blobs). Beyond data exfiltration, the attacker can modify or delete database records, potentially disrupting service availability. The credential exposure also creates a risk of lateral movement if extracted API keys or secrets are reused across other services (GitHub Advisory).

Étapes d’exploitation

  1. Obtain credentials: Acquire valid Flowise credentials (low-privilege authenticated user account or API key) for the target instance.
  2. Identify target endpoint: Confirm the target is running Flowise ≤ 2.2.7 and that the /api/v1/chatflows/importchatflows endpoint is accessible.
  3. Inject a normal record: POST a benign JSON payload to establish a known data_id (e.g., aaaaaa) in the database, which will serve as the anchor for subsequent injections.
  4. Determine column length: Send crafted payloads with the injection pattern aaaaaa') and if (((SELECT length(encryptedData) FROM credential limit 0,1))<N, 0, 9e300 * 9e300); -- as the id field, using binary search over N to determine the length of the target column via arithmetic overflow errors (DOUBLE value is out of range).
  5. Extract data character by character: For each character position, inject aaaaaa') and if (((SELECT ascii(substr(encryptedData,I,1)) FROM credential limit 0,1))<C, 0, 9e300 * 9e300); -- and use binary search over ASCII values to reconstruct each character based on whether the overflow error is triggered.
  6. Collect credentials: Repeat for credentialName and encryptedData columns to fully extract stored API keys and secrets from the credential table (GitHub Advisory).

Indicateurs de compromis

  • Network: Repeated POST requests to /api/v1/chatflows/importchatflows from the same authenticated user in rapid succession, especially with unusual or non-UUID id field values in the JSON body.
  • Logs: Application or database logs showing SQL errors such as DOUBLE value is out of range or arithmetic overflow exceptions correlated with import API calls; high volume of near-identical import requests differing only in the id field value.
  • File System: Unexpected or malformed AllChatflows.json files with non-UUID id values (e.g., containing SQL syntax characters like ', ), --, SELECT, FROM) in upload or temp directories.
  • Database: Presence of spurious chatflow records with non-UUID IDs (e.g., aaaaaa) in the ChatFlow table, which may indicate the attacker's anchor record used during injection (GitHub Advisory).

Atténuation et solutions de contournement

No patched version has been officially released as of the advisory publication — the advisory lists "None" for patched versions, and all Flowise versions ≤ 2.2.7 are affected. The recommended remediation is to restrict all chatflow.id and chat.id values to UUID format using strict input validation, and to replace string concatenation with parameterized queries in the importChatflows, importTools, and importVariables APIs. As interim workarounds: restrict access to the importChatflows endpoint to trusted administrators only, monitor for anomalous import activity and SQL error patterns, and avoid exposing Flowise instances to untrusted networks (GitHub Advisory, VulnCheck).

Réactions de la communauté

The vulnerability was reported by security researcher Tribal1012 and published via the GitHub Security Advisory program. VulnCheck independently documented the issue and assigned the CVE. No significant broader media coverage or notable public researcher commentary beyond the advisory itself has been identified at this time (GitHub Advisory, VulnCheck).

Ressources additionnelles


SourceCe rapport a été généré à l’aide de l’IA

Apparenté Flowise Vulnérabilités:

Identifiant CVE

Sévérité

Score

Technologies

Nom du composant

Exploit CISA KEV

A corrigé

Date de publication

CVE-2026-56278CRITICAL9.3
  • Flowise logoFlowise
  • flowise
NonOuiJun 30, 2026
CVE-2026-56270HIGH8.7
  • Flowise logoFlowise
  • flowise
NonOuiJun 24, 2026
CVE-2025-71332HIGH8.5
  • Flowise logoFlowise
  • flowise
NonNonJun 24, 2026
CVE-2026-56272MEDIUM5.6
  • Flowise logoFlowise
  • flowise
NonOuiJun 24, 2026
CVE-2026-56269MEDIUM4.3
  • Flowise logoFlowise
  • flowise
NonOuiJun 24, 2026

Évaluation gratuite des vulnérabilités

Évaluez votre posture de sécurité dans le cloud

Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.

Demander une évaluation

Obtenez une démo personnalisée

Prêt(e) à voir Wiz en action ?

"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
David EstlickRSSI
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
Adam FletcherChef du service de sécurité
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."
Greg PoniatowskiResponsable de la gestion des menaces et des vulnérabilités