CVE-2026-46479
HIGH SEVERITYCVSS Score & Metrics
Base Score
8.8 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vulnerability Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-915
Source
GitHub
Vendor
npm
Product
flowise
External References
- https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-mq53-pc65-wjc4
- https://github.com/FlowiseAI/Flowise/pull/6050
- https://github.com/FlowiseAI/Flowise/commit/dc07f4062b852033554543a3cff3daf3433b0dac
- https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.1.2
- https://github.com/advisories/GHSA-mq53-pc65-wjc4
Discussion (0)
Add Comment
No comments yet. Be the first!