Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.9 views

CVE-2026-42863

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...

8.1CVSS5.3AI score0.00268EPSS
Exploits1References1
CVE
CVE
added 2026/06/08 3:29 p.m.19 views

CVE-2026-42863

Summary. FlowiseAI’s Flowise product has a mass-assignment vulnerability in the chatflow update endpoint that lets an authenticated user modify server-controlled fields (deployed, isPublic, workspaceId, createdDate, updatedDate, etc.) and reassign a chatflow to another workspace. The issue stems ...

8.1CVSS5.4AI score0.00268EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/08 3:29 p.m.42 views

CVE-2026-42863 Flowise: Mass Assignment in Chatflow Update Endpoint Allows Cross-Workspace AgentFlow Reassignment

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic,...

7.6CVSS0.00268EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.12 views

Flowise 访问控制错误漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a access control vulnerability. This vulnerability stemmed from insufficient server-side verification and authorization checks at the chat stream upda...

8.1CVSS5.1AI score0.00268EPSS
Exploits1References2
Rows per page
Query Builder