
PEACH
Un cadre d’isolation des locataires
CVE-2025-71332 is a SQL injection vulnerability in the importChatflows API of FlowiseAI Flowise, affecting all versions through 2.2.7. Due to insufficient validation of the chatflow.id field in imported JSON files, an authenticated user can inject arbitrary SQL into an unsanitized IN clause, enabling blind and error-based extraction of data from the credential table. The vulnerability was published on June 24, 2026, and was assigned by VulnCheck. It carries a CVSS v3.1 base score of 8.8 (High) and a CVSS v4.0 base score of 8.5 (High) (GitHub Advisory, VulnCheck).
The root cause is CWE-89 (Improper Neutralization of Special Elements used in an SQL Command), specifically in packages/server/src/services/chatflows/index.ts. The importChatflows function constructs a SQL IN clause by directly concatenating user-supplied chatflow.id values without sanitization or parameterization: ids += '${newChatflow.id}', which is then passed to WHERE cf.id IN ${ids}. An attacker can inject a payload such as aaaaaa') and if ((<subquery>)<N, 0, 9e300 * 9e300); -- to trigger error-based (arithmetic overflow) SQL injection, enabling character-by-character extraction of data. The same pattern also affects importTools and importVariables APIs (GitHub Advisory).
Successful exploitation allows an authenticated attacker to execute arbitrary SQL queries against the Flowise database, enabling full extraction of sensitive data from the credential table — including credentialName and encryptedData fields (e.g., OpenAI API keys stored as encrypted blobs). Beyond data exfiltration, the attacker can modify or delete database records, potentially disrupting service availability. The credential exposure also creates a risk of lateral movement if extracted API keys or secrets are reused across other services (GitHub Advisory).
/api/v1/chatflows/importchatflows endpoint is accessible.data_id (e.g., aaaaaa) in the database, which will serve as the anchor for subsequent injections.aaaaaa') and if (((SELECT length(encryptedData) FROM credential limit 0,1))<N, 0, 9e300 * 9e300); -- as the id field, using binary search over N to determine the length of the target column via arithmetic overflow errors (DOUBLE value is out of range).aaaaaa') and if (((SELECT ascii(substr(encryptedData,I,1)) FROM credential limit 0,1))<C, 0, 9e300 * 9e300); -- and use binary search over ASCII values to reconstruct each character based on whether the overflow error is triggered.credentialName and encryptedData columns to fully extract stored API keys and secrets from the credential table (GitHub Advisory)./api/v1/chatflows/importchatflows from the same authenticated user in rapid succession, especially with unusual or non-UUID id field values in the JSON body.DOUBLE value is out of range or arithmetic overflow exceptions correlated with import API calls; high volume of near-identical import requests differing only in the id field value.AllChatflows.json files with non-UUID id values (e.g., containing SQL syntax characters like ', ), --, SELECT, FROM) in upload or temp directories.aaaaaa) in the ChatFlow table, which may indicate the attacker's anchor record used during injection (GitHub Advisory).No patched version has been officially released as of the advisory publication — the advisory lists "None" for patched versions, and all Flowise versions ≤ 2.2.7 are affected. The recommended remediation is to restrict all chatflow.id and chat.id values to UUID format using strict input validation, and to replace string concatenation with parameterized queries in the importChatflows, importTools, and importVariables APIs. As interim workarounds: restrict access to the importChatflows endpoint to trusted administrators only, monitor for anomalous import activity and SQL error patterns, and avoid exposing Flowise instances to untrusted networks (GitHub Advisory, VulnCheck).
The vulnerability was reported by security researcher Tribal1012 and published via the GitHub Security Advisory program. VulnCheck independently documented the issue and assigned the CVE. No significant broader media coverage or notable public researcher commentary beyond the advisory itself has been identified at this time (GitHub Advisory, VulnCheck).
Source: Ce rapport a été généré à l’aide de l’IA
Évaluation gratuite des vulnérabilités
Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.
Obtenez une démo personnalisée
"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."