CVE-2026-46477

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

EUVD-2026-35114

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

CVE-2026-46477 Flowise: Dataset create+update mass-assignment allows cross-workspace dataset takeover

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2...

CVE-2026-46477

FlowiseAI’s CVE-2026-46477 describes a mass-assignment vulnerability in the dataset service prior to version 3.1.2. The code uses Object.assign to copy the request body into a new Dataset for create and update, allowing client-controlled fields such as workspaceId and id to overwrite persisted va...

NPM: FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover

NPM: FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...