Flowise - Path Traversal in Vector Store basePath

Flowise - Path Traversal in Vector Store basePath The Faiss and SimpleStore (LlamaIndex) vector store implementations accept a basePath parameter from user-controlled input and pass it directly to filesystem write operations without any sanitization. An authenticated attacker can exploit this to write vector store data to arbitrary locations on the server filesystem. Joshua Martinelle Mon, 04/20/2026 - 11:04

Flowise - Path Traversal in Vector Store basePath The Faiss and SimpleStore (LlamaIndex) vector store implementations accept a basePath parameter from user-controlled input and pass it directly to filesystem write operations without any sanitization. An authenticated attacker can exploit this to write vector store data to arbitrary locations on the server filesystem. Joshua Martinelle Mon, 04/20/2026 - 11:04 Flowise - Path Traversal in Vector Store basePath The Faiss and SimpleStore (LlamaIndex) vector store implementations accept a basePath parameter from user-controlled input and pass it directly to filesystem write operations without any sanitization. An authenticated attacker can exploit this to write vector store data to arbitrary locations on the server filesystem. Joshua Martinelle Mon, 04/20/2026 - 11:04