CVE-2026-46441
Published 2026-06-08
Priority: P261 · critical · 9.6 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:C / C:H / I:H / A:N
EPSS: 0.27% (19.0th percentile)
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign assistants to arbitrary workspaces. This breaks tenant isolation in multi-workspace environments. This issue has been patched in version 3.1.2.
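The mass-assignment pattern described above, next to an update that checks the caller's workspace and copies only allowlisted fields. This is an added example, not Flowise source code; the `Assistant` shape, the `details` and `iconSrc` fields and the function names are assumptions.

```typescript
// Added example with hypothetical names; not Flowise source code.
// Only workspaceId, createdDate and updatedDate are named in the advisory.
type Assistant = {
    id: string
    workspaceId: string
    createdDate: string
    updatedDate: string
    details: string
    iconSrc: string
}

// The only properties a client may set (assumed list for this example).
const CLIENT_WRITABLE = ['details', 'iconSrc'] as const

// Mass-assignment pattern: every key in the request body reaches the record.
function updateUnsafe(stored: Assistant, body: Record<string, unknown>): Assistant {
    return { ...stored, ...body } as unknown as Assistant
}

// Hardened update: tenant check first, then copy allowlisted keys only.
function updateSafe(
    stored: Assistant,
    body: Record<string, unknown>,
    callerWorkspaceId: string,
    now: string
): { assistant: Assistant; rejected: string[] } {
    if (stored.workspaceId !== callerWorkspaceId) {
        throw new Error('assistant not found in caller workspace')
    }
    const assistant: Assistant = { ...stored }
    for (const key of CLIENT_WRITABLE) {
        const value = body[key]
        if (typeof value === 'string') assistant[key] = value
    }
    assistant.updatedDate = now // server-controlled, never taken from the body
    const allowed: readonly string[] = CLIENT_WRITABLE
    // Keys outside the allowlist are dropped and returned for logging/alerting.
    const rejected = Object.keys(body).filter((k) => allowed.indexOf(k) === -1)
    return { assistant, rejected }
}

// Constructed sample data.
const sampleStored: Assistant = {
    id: 'a1', workspaceId: 'ws-a', createdDate: '2026-01-01T00:00:00Z',
    updatedDate: '2026-01-01T00:00:00Z', details: 'original', iconSrc: ''
}
const sampleBody: Record<string, unknown> =
    { details: 'renamed', workspaceId: 'ws-b', createdDate: '1970-01-01T00:00:00Z' }
```

A non-empty `rejected` list on an update request is worth logging, since a normal client has no reason to send server-controlled fields.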
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flowiseai | flowise | < 3.1.2 | 3.1.2 |
| flowiseai | flowise | >= 0 < 3.1.2 | 3.1.2 |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.6 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N |
| nvd | v4.0 | 7.6 | HIGH | CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
FlowiseAI Flowise up to 3.1.1 Assistant Update Endpoint workspaceId access control
vuldb·2026-06-08·CVSS 7.6
CVE-2026-46441 [HIGH] FlowiseAI Flowise up to 3.1.1 Assistant Update Endpoint workspaceId access control
A vulnerability classified as critical has been found in FlowiseAI Flowise up to 3.1.1. The affected element is an unknown function of the component Assistant Update Endpoint. The manipulation of the argument workspaceId leads to improper access controls.
This vulnerability is documented as CVE-2026-46441. The attack can be initiated remotely. There is not any exploit available.
It is recommended to upgrade the affected component.
GHSA
FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment
ghsa·2026-05-14
CVE-2026-46441 [HIGH] CWE-284 FlowiseAI has Mass Assignment in Assistant Update Endpoint that Allows Cross-Workspace Resource Reassignment
### Summary
A Mass Assignment vulnerability exists in the assistant update endpoint of FlowiseAI.
The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource.
Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign assistants to arbitrary workspaces. This breaks tenant isolation in multi-workspace environments.
### Details
The endpoint responsible for updating assistants:
**PUT /api/v1/assistants/{assistantId}**
accepts a JSON request body containing assistant metadata.
However, the server does not restr
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-08
Published