FlowiseAI Flowise S3 Document Loader S3.ts path traversal
Description
A vulnerability was determined in FlowiseAI Flowise up to 3.1.2. The impacted element is an unknown function of the file packages/components/nodes/documentloaders/S3/S3.ts of the component S3 Document Loader. Executing a manipulation can lead to path traversal. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
Root cause
"The S3 document loader joins or resolves object-key-derived names into a local temporary path without constraining them to the intended temporary directory, allowing path traversal via crafted object keys."
Attack vector
An attacker who can influence object keys in a configured S3 source (e.g., by uploading objects with crafted keys to the bucket) can cause Flowise to write files outside the loader workspace. The object key is externally controlled through S3 bucket contents or a configured S3-compatible object store, and no final path containment check ensures the resolved path remains below the intended temp directory before write or cleanup [ref_id=1]. This is a path traversal vulnerability [CWE-22] combined with external control of file name or path [CWE-73].
Affected code
The vulnerable function resides in `packages/components/nodes/documentloaders/S3/S3.ts` (S3Directory / S3File document loader). The code derives local temporary file paths from attacker-controlled S3 object keys without constraining them to the intended temporary directory, and object keys containing traversal sequences can escape the loader temp directory [ref_id=1].
What the fix does
The advisory recommends normalizing each object key to a safe basename or explicitly rejecting absolute/traversal paths, and after joining paths, resolving both base and target and enforcing `target.relative_to(base)`. Recursive cleanup on paths influenced by untrusted object names should be avoided [ref_id=1]. No patch has been published by the vendor.
Preconditions
- inputThe attacker must be able to influence S3 object keys in a configured S3 source (e.g., upload objects with crafted keys to the bucket).
- authThe attacker must have a user account or access that allows configuring or using an S3 document loader in Flowise.
- networkThe attack is performed remotely over the network.
Generated on Jun 22, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- vuldb.com/cve/CVE-2026-12821mitrethird-party-advisory
- vuldb.com/submit/837578mitrethird-party-advisory
- github.com/dxz0069/softwareoverflow/blob/main/flowise_s3_loader_object_key_path_traversal_vulndb.mdmitrerelated
- vuldb.com/vuln/372611mitrevdb-entry
- vuldb.com/vuln/372611/ctimitresignaturepermissions-required
News mentions
0No linked articles in our index yet.