CVE-2026-46441

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

CVE-2026-46441 Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

CVE-2026-46441

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

CVE-2026-46441 Flowise: Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

EUVD-2026-35109

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId...

CVE-2026-46441

CVE-2026-46441 affects Flowise versions prior to 3.1.2. A mass assignment flaw allows authenticated users to modify server-controlled fields (workspaceId, createdDate, updatedDate) via PUT /api/v1/assistants/{assistantId}, enabling cross-workspace reassignment of assistants and breaking tenant is...

Flowise 访问控制错误漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a access control vulnerability, which stemmed from a batch assignment vulnerability in the assistant update endpoints. This vulnerability could...

NPM: FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment

NPM: FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...