8 matches found
CVE-2026-56268 Flowise - Cross-Workspace Information Disclosure via chatflows/apikey Endpoint
Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted the default, the endpoint returns not only the chatflows bound to the supplied API key but also all chatflows across every workspace...
CVE-2026-42861
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...
CVE-2026-46441
CVE-2026-46441 affects Flowise versions prior to 3.1.2. A mass assignment flaw allows authenticated users to modify server-controlled fields (workspaceId, createdDate, updatedDate) via PUT /api/v1/assistants/{assistantId}, enabling cross-workspace reassignment of assistants and breaking tenant is...
CVE-2026-42862
FlowiseAI (CVE-2026-42862) has a mass-assignment flaw in the tool update endpoint (PUT /api/v1/tools/{toolId}) that lets authenticated users modify server-controlled fields such as workspaceId, createdDate, and updatedDate without proper validation/authorization. This enables cross-workspace reas...
EUVD-2026-35104
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...
CVE-2026-42862 Flowise: Mass Assignment in Tool Update Endpoint Allows Cross-Workspace Resource Reassignment
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...
CVE-2026-42862
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...
CVE-2026-42861 Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...