CVE-2026-30821 | FlowiseAI Flowise up to 3.0.12 /api/v1/attachments/ unrestricted upload (GHSA-j8g8-j7fc-43v6)

A vulnerability classified as critical has been found in FlowiseAI Flowise up to 3.0.12. Impacted is an unknown function of the file /api/v1/attachments/. The manipulation leads to unrestricted upload.

This vulnerability is uniquely identified as CVE-2026-30821. The attack is possible to be carried out remotely. No exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More