CVE-2026-12821
MediumCVSS 6.3Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
A vulnerability CVE-2026-12821 was identified in FlowiseAI Flowise up to version 3.1.2, concerning an unknown function in the file packages/components/nodes/documentloaders/S3/S3.ts related to the S3 Document Loader component. Executing a manipulation can lead to path traversal.
Risk Assessment
An attacker can remotely exploit this vulnerability, posing a risk of unauthorized access to the file system.
Recommendation
It is recommended to update to the latest version of FlowiseAI to mitigate the risks associated with this vulnerability.
Original NVD description (English source)
A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

