Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.12 views

CVE-2026-46440

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patched in version 3.1.2...

9.1CVSS7AI score0.00251EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 4:16 p.m.16 views

CVE-2026-46479

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.18 views

CVE-2026-46478

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This issue has been patched in version 3.1.2...

8.8CVSS0.00342EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.15 views

CVE-2026-46444

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware and the route path /api/v1/openai-assistants-vector-store is not in WHITELISTURLS. However, it i...

8.8CVSS0.00327EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 3:32 p.m.27 views

CVE-2026-46479

CVE-2026-46479 concerns FlowiseAI’s evaluation management. The vulnerability arises from using Object.assign to copy client-provided fields into a new Evaluation object, allowing an attacker to overwrite ownership fields such as workspaceId or id during create/update. This can enable cross-worksp...

8.8CVSS5.3AI score0.00335EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/08 3:30 p.m.33 views

CVE-2026-46441

CVE-2026-46441 affects Flowise versions prior to 3.1.2. A mass assignment flaw allows authenticated users to modify server-controlled fields (workspaceId, createdDate, updatedDate) via PUT /api/v1/assistants/{assistantId}, enabling cross-workspace reassignment of assistants and breaking tenant is...

9.6CVSS5.5AI score0.00274EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder