CVE-2026-31829 is a Server-Side Request Forgery (SSRF) vulnerability in the HTTP Node component of Flowise's AgentFlow agentic workflow engine. Within AgentFlow workflows, the HTTP Node is used to make outbound requests to external endpoints. A lack of input validation on the target URL allows an attacker-controlled workflow or an indirect prompt injection to redirect those requests to arbitrary internal endpoints.
An attacker who can influence the URL parameter in an HTTP Node — either directly through workflow configuration or indirectly through prompt injection into an upstream agent step — can use the Flowise server as a proxy to reach internal services, metadata APIs (e.g., AWS IMDS at 169.254.169.254), or other hosts on the internal network.
Flowise is one of the most widely deployed no-code/low-code agent orchestration platforms, used across enterprises for production agentic workflows. SSRF in the orchestration layer means a compromised or injected agent step can pivot into internal infrastructure, exfiltrate cloud credentials, or reach services that should never be externally reachable.
Immediate recommendation: Restrict HTTP Node targets to an explicit allowlist of trusted domains; audit all existing AgentFlow workflows for unconstrained HTTP Node configurations; apply network egress controls on Flowise deployment hosts.
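
One way to apply the allowlist and audit recommendations, as an added example that is not Flowise's code or its fix: a URL check plus an audit pass over HTTP Node configurations. The host list, the `{id, url}` node shape and the `{{` template marker are assumptions.

```javascript
// Added example: allowlist check for HTTP Node target URLs.
// ALLOWED_HOSTS, the node shape {id, url} and the "{{" marker are assumptions.
const ALLOWED_HOSTS = new Set(["api.example.com", "hooks.example.org"]); // constructed

function checkTarget(rawUrl, allowed = ALLOWED_HOSTS) {
  // A URL filled in at run time by an upstream step cannot be vetted statically.
  if (rawUrl.includes("{{")) return { allowed: false, reason: "templated" };
  let u;
  try {
    u = new URL(rawUrl);
  } catch {
    return { allowed: false, reason: "unparseable" };
  }
  if (u.protocol !== "https:") return { allowed: false, reason: "scheme" };
  // "https://trusted@internal/" puts the trusted name in userinfo, not the host.
  if (u.username || u.password) return { allowed: false, reason: "userinfo" };
  // Compare the parser's canonical host: decimal or hex IPv4 forms are already
  // normalised to dotted-quad here, and IPv6 literals are bracketed.
  const host = u.hostname.toLowerCase().replace(/\.$/, "");
  if (host.startsWith("[") || /^\d{1,3}(\.\d{1,3}){3}$/.test(host)) {
    return { allowed: false, reason: "ip-literal" };
  }
  // Exact match only: substring or prefix matching would admit
  // "api.example.com.other.example".
  if (!allowed.has(host)) return { allowed: false, reason: "not-allowlisted" };
  return { allowed: true, reason: "ok" };
}

// Audit pass over HTTP Node configs; returns the ones needing review.
function auditNodes(nodes, allowed = ALLOWED_HOSTS) {
  return nodes
    .map((n) => ({ id: n.id, url: n.url, ...checkTarget(n.url, allowed) }))
    .filter((r) => !r.allowed);
}

// Constructed sample nodes, not taken from a real Flowise export.
const SAMPLE_NODES = [
  { id: "http_0", url: "https://api.example.com/v1/items" },
  { id: "http_1", url: "https://169.254.169.254/" },
  { id: "http_2", url: "https://2852039166/" },
  { id: "http_3", url: "https://api.example.com@169.254.169.254/" },
  { id: "http_4", url: "https://api.example.com.other.example/" },
  { id: "http_5", url: "{{ agent.output.url }}" },
];

console.log(auditNodes(SAMPLE_NODES));
```

The check covers the configured URL only; what an allowlisted name resolves to, and any redirect the target returns, are outside it and fall to the egress controls recommended above.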