VYPR
High severity · 8.7 · NVD Advisory · Published May 14, 2026 · Updated May 14, 2026

FlowiseAI: Vector Store No Permission Checks

CVE-2026-46444

Description

### FINDING 4: OpenAI Assistants Vector Store - No Auth on CRUD Operations

Severity: HIGH (CVSS ~8.1)
Type: CWE-306 (Missing Authentication for Critical Function)
File: packages/server/src/routes/openai-assistants-vector-store/index.ts

Description: ALL CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware AND the route path /api/v1/openai-assistants-vector-store is NOT in WHITELIST_URLS. However, it is also NOT protected by the main auth middleware when accessed via API key — the route requires API key auth (not whitelisted), but NO permission checks exist on any operation.

The real issue is that the routes have no checkAnyPermission() middleware, meaning any authenticated user, regardless of role, can:

- Create vector stores
- Upload files to vector stores
- Delete vector stores and files
- Modify any vector store

Evidence:

```typescript
// No permission middleware on any route
router.post('/', controller.createAssistantVectorStore) // No permission check
router.put(['/', '/:id'], controller.updateAssistantVectorStore) // No permission check
router.delete(['/', '/:id'], controller.deleteAssistantVectorStore) // No permission check
router.post('/:id', getMulterStorage().array('files'), controller.uploadFilesToAssistantVectorStore) // No permission check
```

Impact: Any authenticated user can manipulate OpenAI vector stores, upload malicious files, delete data, or exfiltrate stored documents regardless of their assigned permissions.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing permission checks on OpenAI Assistants Vector Store CRUD endpoints allow any authenticated user to create, modify, delete, and upload files to vector stores.

Vulnerability

The OpenAI Assistants Vector Store endpoints in Flowise, located in packages/server/src/routes/openai-assistants-vector-store/index.ts, lack the checkAnyPermission() middleware on all CRUD operations. The routes POST /, PUT / and PUT /:id, DELETE / and DELETE /:id, and POST /:id (for file uploads) are accessible to any authenticated user without role-based authorization. This affects all versions prior to 3.1.2 [1][3][4].

Exploitation

An attacker with any valid authentication (API key or session) can directly call the unprotected endpoints. No special privileges or additional steps are required. For example, sending a POST request to /api/v1/openai-assistants-vector-store creates a new vector store, and a DELETE request removes an existing one. File uploads via POST /:id with multipart/form-data are also unrestricted.

Impact

A successful attacker can arbitrarily create, modify, and delete vector stores, upload malicious files, and exfiltrate stored documents. This compromises the confidentiality, integrity, and availability of vector store data, regardless of the user's intended permissions [3][4].

Mitigation

The issue is fixed in Flowise version 3.1.2 [1]. Users should upgrade to this release or later. No workaround is documented; the fix adds proper permission checks to all affected routes.
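The following is an added example, not Flowise's own code, illustrating both the route wiring quoted in the finding above and the kind of fix the Mitigation section refers to: the same handlers registered once without any authorization middleware, and once with an Express-style checkAnyPermission() gate in front of them. The middleware name, the permission strings (vectorstore:create, vectorstore:delete, vectorstore:view), the in-memory controller and the tiny router that stands in for Express are all assumptions made so the example runs offline.

```javascript
// Added example, not Flowise's own code: the routing pattern from the finding
// with an Express-style permission gate added. checkAnyPermission(), the
// permission names and the in-memory controller are assumptions for illustration.

// Authorization middleware in the Express (req, res, next) signature. It assumes the
// upstream authentication middleware (API key or session) has already populated
// req.user.permissions; it only decides whether that user may reach the handler.
function checkAnyPermission(...required) {
  return (req, res, next) => {
    const granted = (req.user && req.user.permissions) || [];
    if (required.some((p) => granted.includes(p))) return next();
    return res.status(403).json({ error: 'Forbidden: missing permission' });
  };
}

// Constructed stand-in for the real controller: vector stores live in a Map.
function makeController() {
  const stores = new Map();
  let nextId = 1;
  return {
    createAssistantVectorStore(req, res) {
      const id = String(nextId++);
      stores.set(id, { id, files: [] });
      res.status(201).json({ id });
    },
    deleteAssistantVectorStore(req, res) {
      if (!stores.delete(req.params.id)) return res.status(404).json({ error: 'no such store' });
      return res.status(200).json({ deleted: req.params.id });
    },
    count: () => stores.size,
  };
}

// Path matcher for '/' and '/:id' patterns; fills req.params like Express does.
function matchPath(pattern, req) {
  const want = pattern.split('/').filter(Boolean);
  const got = req.path.split('/').filter(Boolean);
  if (want.length !== got.length) return false;
  const params = {};
  for (let i = 0; i < want.length; i++) {
    if (want[i].startsWith(':')) params[want[i].slice(1)] = got[i];
    else if (want[i] !== got[i]) return false;
  }
  req.params = params;
  return true;
}

// Minimal router that runs a handler chain the way Express does, so the example
// runs offline without the express package.
class MiniRouter {
  constructor() { this.routes = []; }
  on(method, paths, handlers) {
    for (const path of [].concat(paths)) this.routes.push({ method, path, handlers });
  }
  post(paths, ...handlers) { this.on('POST', paths, handlers); }
  delete(paths, ...handlers) { this.on('DELETE', paths, handlers); }
  handle(req) {
    const res = {
      statusCode: 200, body: null,
      status(code) { this.statusCode = code; return this; },
      json(body) { this.body = body; return this; },
    };
    const route = this.routes.find((r) => r.method === req.method && matchPath(r.path, req));
    if (!route) return res.status(404).json({ error: 'not found' });
    let i = 0;
    const next = () => { const h = route.handlers[i++]; if (h) h(req, res, next); };
    next();
    return res;
  }
}

// withPermissionChecks=false reproduces the finding (handlers wired directly);
// true inserts checkAnyPermission() in front of each handler, as a fix would.
function buildRouter(withPermissionChecks) {
  const controller = makeController();
  const router = new MiniRouter();
  const guard = (perm) => (withPermissionChecks ? [checkAnyPermission(perm)] : []);
  router.post('/', ...guard('vectorstore:create'), controller.createAssistantVectorStore);
  router.delete(['/', '/:id'], ...guard('vectorstore:delete'), controller.deleteAssistantVectorStore);
  return { router, controller };
}

// An admin creates a store, then a view-only user and the admin each try to delete it.
// Returns the status codes each received and how many stores remain afterwards.
function runScenario(withPermissionChecks) {
  const { router, controller } = buildRouter(withPermissionChecks);
  const admin = { permissions: ['vectorstore:create', 'vectorstore:delete'] };
  const viewer = { permissions: ['vectorstore:view'] };
  const id = router.handle({ method: 'POST', path: '/', user: admin }).body.id;
  const viewerDelete = router.handle({ method: 'DELETE', path: `/${id}`, user: viewer }).statusCode;
  const adminDelete = router.handle({ method: 'DELETE', path: `/${id}`, user: admin }).statusCode;
  return { viewerDelete, adminDelete, remaining: controller.count() };
}

console.log('unprotected:', runScenario(false)); // viewerDelete: 200
console.log('protected:  ', runScenario(true));  // viewerDelete: 403, adminDelete: 200
```

The point the scenario makes is the one in the finding: authentication alone settles who the caller is, not what they may do. With the handlers registered directly, the view-only user's DELETE succeeds because nothing between the auth layer and the controller consults the caller's role; with the gate in place the same request is refused with 403 while the admin's identical request still succeeds. When reviewing a router file for this class of bug, the check is mechanical: every state-changing route should have an authorization middleware between the path and the controller method.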

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
