CVE-2026-56273 Overview
CVE-2026-56273 is a path traversal vulnerability [CWE-22] in Flowise versions prior to 3.1.0. The flaw resides in the Faiss and SimpleStore vector store implementations, which accept unsanitized basePath parameters from authenticated users. Attackers holding valid API tokens can direct vector store write operations to arbitrary filesystem locations outside intended directories. Successful exploitation can lead to code execution through overwritten application files or data exfiltration through attacker-controlled paths. The vulnerability requires authentication with low privileges and can be triggered over the network without user interaction.
Critical Impact
Authenticated attackers can write vector store data to arbitrary filesystem paths, enabling potential code execution or exfiltration of sensitive files on Flowise deployments.
Affected Products
- Flowise versions prior to 3.1.0
- Faiss vector store integration in Flowise
- SimpleStore vector store integration in Flowise
Discovery Timeline
- 2026-07-08 - CVE-2026-56273 published to NVD
- 2026-07-09 - Last updated in NVD database
Technical Details for CVE-2026-56273
Vulnerability Analysis
Flowise is an open-source low-code platform for building large language model (LLM) applications and agent workflows. The platform integrates multiple vector store backends, including Faiss and SimpleStore, that persist embeddings to the local filesystem. Both integrations expose a basePath parameter that specifies the target directory for vector store files.
The vulnerable code paths accept the basePath value directly from authenticated API requests without validating or canonicalizing the input. As a result, sequences such as ../ or absolute paths bypass any implicit directory boundary. An authenticated user can supply a crafted path that resolves outside the intended vector store directory. Flowise then writes serialized vector data to that location using the privileges of the Flowise process.
Root Cause
The root cause is missing input sanitization on the basePath parameter within the Faiss and SimpleStore vector store handlers. The application trusts client-supplied path values and does not enforce a canonical base directory or reject traversal sequences. This classifies as a Path Traversal weakness under [CWE-22].
Attack Vector
Exploitation requires a valid Flowise API token with permissions to configure or execute vector store operations. The attacker submits an API request specifying a basePath that traverses outside the intended directory, for example targeting configuration files, application source directories, or web-accessible paths. Flowise writes the vector store payload to the attacker-controlled location. The vulnerability is exploitable over the network without user interaction.
No verified public proof-of-concept code is available. Refer to the GitHub Security Advisory and the VulnCheck Advisory on Path Traversal for further technical details.
Detection Methods for CVE-2026-56273
Indicators of Compromise
- Unexpected files matching Faiss (.faiss, .pkl) or SimpleStore serialization formats appearing outside the configured Flowise data directory.
- Flowise API requests containing basePath values with ../ sequences, absolute paths, or references to sensitive directories.
- Modification timestamps on system or application files that correlate with authenticated Flowise vector store API calls.
Detection Strategies
- Enable verbose API request logging on the Flowise application and parse logs for basePath parameters containing traversal patterns or absolute paths.
- Monitor filesystem write activity by the Flowise process outside its designated data directory using host-based auditing tools such as auditd or eBPF sensors.
- Correlate authenticated API token usage against expected user behavior to identify anomalous vector store configuration changes.
Monitoring Recommendations
- Alert on Flowise process writes to directories containing executable code, web content, or credentials.
- Track creation of API tokens and review scope of tokens granted to non-administrative users.
- Baseline normal vector store paths in use across the environment and flag deviations.
How to Mitigate CVE-2026-56273
Immediate Actions Required
- Upgrade Flowise to version 3.1.0 or later, which addresses the path traversal in the Faiss and SimpleStore integrations.
- Rotate all Flowise API tokens after patching to invalidate any credentials that may have been used for exploitation.
- Audit the Flowise host filesystem for unexpected .faiss, .pkl, or SimpleStore files outside configured vector store directories.
Patch Information
The vendor addressed CVE-2026-56273 in Flowise 3.1.0. Details of the fix are documented in the GitHub Security Advisory GHSA-w6v6-49gh-mc9w. Administrators should follow the standard Flowise upgrade procedure and verify the running version after deployment.
Workarounds
- Restrict API token issuance to trusted operators and apply least-privilege scopes for vector store configuration endpoints.
- Run the Flowise process under a dedicated low-privilege service account with filesystem write access limited to the designated data directory.
- Deploy Flowise inside a container or chroot with read-only mounts for application code and configuration files.
- Place a reverse proxy or web application firewall in front of Flowise to block requests containing suspicious basePath values with traversal sequences.
# Configuration example: run Flowise with a restricted data directory and non-root user
useradd -r -s /usr/sbin/nologin flowise
mkdir -p /var/lib/flowise/data
chown -R flowise:flowise /var/lib/flowise
chmod 750 /var/lib/flowise/data
# systemd unit hardening (excerpt)
# User=flowise
# ProtectSystem=strict
# ReadWritePaths=/var/lib/flowise/data
# NoNewPrivileges=true
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

