FlowiseAI Flowise S3 Document Loader S3.ts path traversal_CVE-2026-12821

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2026-12821

Source VulDB

Published Jun 21, 2026 at 23:15

Affected Product

Vendor FlowiseAI

Product Flowise

Version 3.1.0

Affected Versions FlowiseAI Flowise 3.1.0
FlowiseAI Flowise 3.1.1
FlowiseAI Flowise 3.1.2

CWE Classification

CWE-22

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2026-06-21T23:15:08.186Z",
    "modified": "2026-06-21T23:15:08.186Z",
    "type": "cve",
    "title": "FlowiseAI Flowise S3 Document Loader S3.ts path traversal",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/372611\nhttps://vuldb.com/vuln/372611/cti\nhttps://vuldb.com/cve/CVE-2026-12821\nhttps://vuldb.com/submit/837578\nhttps://github.com/dxz0069/softwareoverflow/blob/main/flowise_s3_loader_object_key_path_traversal_vulndb.md",
    "id": "CVE-2026-12821",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "FlowiseAI Flowise 3.1.0\nFlowiseAI Flowise 3.1.1\nFlowiseAI Flowise 3.1.2",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Flowise",
    "version": "3.1.0",
    "vendor": "FlowiseAI",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}