CVE Catalog

CVE-2026-12821

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.34%

26th percentile — higher than 26% of all known CVEs

Summary

A vulnerability CVE-2026-12821 was identified in FlowiseAI Flowise up to version 3.1.2, concerning an unknown function in the file packages/components/nodes/documentloaders/S3/S3.ts related to the S3 Document Loader component. Executing a manipulation can lead to path traversal.

Risk Assessment

An attacker can remotely exploit this vulnerability, posing a risk of unauthorized access to the file system.

Recommendation

It is recommended to update to the latest version of FlowiseAI to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS