VYPR
← All advisories
High severityNVD Advisory· Published May 14, 2026· Updated May 14, 2026

FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment

CVE-2026-42861

Description

Summary

A Mass Assignment vulnerability exists in the variable update endpoint of FlowiseAI.

The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource.

Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign variables to arbitrary workspaces.

This behavior may break tenant isolation in multi-workspace environments.

Details

The endpoint responsible for updating variables:

PUT /api/v1/variables/{variableId}

accepts a JSON request body containing the variable definition.

However, the backend does not restrict which attributes can be modified by the client. As a result, user-controlled request bodies can include internal properties that should normally be controlled exclusively by the server.

Server-controlled fields that can be manipulated include:

  • workspaceId
  • createdDate
  • updatedDate

These fields appear to be directly mapped to the database entity without strict input validation or authorization checks.

For example, the following request body was accepted by the server:

{
  "name": "aaa",
  "value": "bbbe",
  "type": "static",
  "createdDate": "2016-03-06T17:59:30.000Z",
  "updatedDate": "2016-03-06T18:00:17.000Z",
  "workspaceId": "11111111-2222-3333-4444-555555555555"
}

The server accepted the attacker-controlled workspaceId and metadata fields and persisted them.

PoC

Request

PUT /api/v1/variables/<VARIABLE_ID>
Content-Type: application/json

{
  "name": "aaa",
  "value": "bbbe",
  "type": "static",
  "createdDate": "2016-03-06T17:59:30.000Z",
  "updatedDate": "2016-03-06T18:00:17.000Z",
  "workspaceId": "11111111-2222-3333-4444-555555555555"
}

Response

{
  "id": "0a2b9f61-4a97-4ff8-b80d-00275ed18674",
  "name": "aaa",
  "value": "bbbe",
  "type": "static",
  "createdDate": "2016-03-06T17:59:30.000Z",
  "updatedDate": "2026-03-06T18:05:17.000Z",
  "workspaceId": "11111111-2222-3333-4444-555555555555"
}

This confirms that the backend accepts and persists attacker-controlled internal properties.

Impact

This vulnerability allows authenticated users to manipulate internal attributes of variable resources.

Possible impacts include:

  1. Cross-workspace reassignment of variables (workspaceId)
  2. Unauthorized modification of metadata (createdDate, updatedDate)
  3. Potential tenant isolation bypass in multi-workspace deployments

In multi-tenant environments, this may allow an attacker to move variables between workspaces without authorization.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Mass Assignment in FlowiseAI variable update endpoint allows authenticated users to modify workspaceId, breaking tenant isolation.

Vulnerability

The PUT /api/v1/variables/{variableId} endpoint in FlowiseAI suffers from a Mass Assignment vulnerability. The server does not restrict which attributes can be modified by the client, allowing authenticated users to overwrite server-controlled fields such as workspaceId, createdDate, and updatedDate. This affects all versions prior to flowise@3.1.2 [1]. The endpoint directly maps the request body to the database entity without proper input validation or authorization checks [3][4].

Exploitation

An attacker with valid authentication can send a crafted PUT request to the variable update endpoint, including arbitrary values for workspaceId, createdDate, and updatedDate in the JSON body. The provided proof-of-concept demonstrates that the server accepts and persists the attacker-controlled workspaceId, effectively reassigning the variable to a different workspace [3][4]. No additional privileges or user interaction beyond authentication are required.

Impact

Successful exploitation allows an attacker to reassign variables to arbitrary workspaces, breaking tenant isolation in multi-workspace environments. This can lead to unauthorized access to variables that belong to other workspaces, potentially exposing sensitive data or disrupting intended access controls. The confidentiality and integrity of variable data across workspaces are compromised.

Mitigation

The vulnerability is fixed in flowise@3.1.2 [1]. Users should upgrade to this version or later. No workarounds have been disclosed in the available references. If upgrading is not immediately possible, consider restricting access to the variable update endpoint to trusted users only.

References
  1. Release flowise@3.1.2 · FlowiseAI/Flowise
  2. CVE-2026-42861 - GitHub Advisory Database
  3. Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
flowisenpm
< 3.1.23.1.2

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.