
8 matches found

Cvelist
added 2026/06/22 9:4 p.m., 23 views

CVE-2026-56268 Flowise - Cross-Workspace Information Disclosure via chatflows/apikey Endpoint

Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted (the default), the endpoint returns not only the chatflows bound to the supplied API key but also all chatflows across every workspace...

CVSS 7.7, EPSS 0.00281
Exploits: 1, References: 2

RedhatCVE
added 2026/06/09 8:59 p.m., 9 views

CVE-2026-42861

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

CVSS 9.6, AI score 5.5, EPSS 0.00254
Exploits: 1, References: 1

CVE
added 2026/06/08 3:30 p.m., 27 views

CVE-2026-46441

CVE-2026-46441 affects Flowise versions prior to 3.1.2. A mass assignment flaw allows authenticated users to modify server-controlled fields (workspaceId, createdDate, updatedDate) via PUT /api/v1/assistants/{assistantId}, enabling cross-workspace reassignment of assistants and breaking tenant is...

CVSS 9.6, AI score 5.5, EPSS 0.00274
Exploits: 1, References: 2, Affected Software: 1

CVE
added 2026/06/08 3:25 p.m., 17 views

CVE-2026-42862

FlowiseAI (CVE-2026-42862) has a mass-assignment flaw in the tool update endpoint (PUT /api/v1/tools/{toolId}) that lets authenticated users modify server-controlled fields such as workspaceId, createdDate, and updatedDate without proper validation/authorization. This enables cross-workspace reas...

CVSS 7.6, AI score 5.5, EPSS 0.00195
Exploits: 1, References: 2, Affected Software: 1

EUVD
added 2026/06/08 3:25 p.m., 8 views

EUVD-2026-35104

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

CVSS 7.6, AI score 5.5, EPSS 0.00195
Exploits: 1, References: 2

Cvelist
added 2026/06/08 3:25 p.m., 42 views

CVE-2026-42862 Flowise: Mass Assignment in Tool Update Endpoint Allows Cross-Workspace Resource Reassignment

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

CVSS 7.6, EPSS 0.00195
Exploits: 1, References: 2

ATTACKERKB
added 2026/06/08 3:25 p.m., 7 views

CVE-2026-42862

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

CVSS 7.6, AI score 5.5, EPSS 0.00195
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2026/06/08 3:25 p.m., 42 views

CVE-2026-42861 Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId,...

CVSS 7.6, EPSS 0.00254
Exploits: 1, References: 2