9 matches found
CVE-2026-46478
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...
CVE-2026-46478
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...
CVE-2026-46478 Flowise: DatasetRow create+update mass-assignment allows cross-workspace row takeover
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...
CVE-2026-46478 Flowise: DatasetRow create+update mass-assignment allows cross-workspace row takeover
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...
EUVD-2026-35115
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...
CVE-2026-46478
CVE-2026-46478 describes a mass‑assignment flaw in FlowiseAI’s DatasetRow handling prior to version 3.1.2. The server copies the request body onto a new DatasetRow via Object.assign, allowing client-controlled fields such as workspaceId and id to be written to the persisted row. This enables cros...
NPM: FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover
NPM: FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover vulnerability discovered by ? in WordPress Npm flowise versions = 3.1.1...
GHSA-7J65-65CR-6644 FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover
Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the DatasetRow entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/dataset/index.ts Root cause: The DatasetRow controller/service constructs...
FlowiseAI: DatasetRow create+update mass-assignment allows cross-workspace row takeover
Summary Type: Mass assignment via Object.assignentity, body - client-controlled workspaceId and on create, id overwritten on the DatasetRow entity - cross-workspace data takeover and IDOR. File: packages/server/src/services/dataset/index.ts Root cause: The DatasetRow controller/service constructs...