2 matches found
CVE-2026-56276
Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api/v1/user endpoint that allows authenticated users to directly modify the credential field without validation. Attackers can bypass password change verification and session invalidation by supplying a crafted password has...
PT-2026-51151
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description A mass assignment issue exists in the 'PUT /api/v1/user' endpoint. This allows authenticated users to modify the credential field without proper validation. By providing a crafted password hash, an...