npm package

flowise

pkg:npm/flowise

Vulnerabilities (63)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-46480	hig	—	< 3.1.2	3.1.2	May 14, 2026	## Summary Type: Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the Evaluator entity -> cross-workspace data takeover and IDOR. File: `packages/server/src/Interface.Evaluation.ts` Root cause:
CVE-2026-46479	hig	—	< 3.1.2	3.1.2	May 14, 2026	## Summary Type: Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the Evaluation entity -> cross-workspace data takeover and IDOR. File: `packages/server/src/services/evaluations/index.ts` **Root ca
CVE-2026-46478	hig	—	< 3.1.2	3.1.2	May 14, 2026	## Summary Type: Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the DatasetRow entity -> cross-workspace data takeover and IDOR. File: `packages/server/src/services/dataset/index.ts` **Root cause:
CVE-2026-46477	hig	—	< 3.1.2	3.1.2	May 14, 2026	## Summary Type: Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the Dataset entity -> cross-workspace data takeover and IDOR. File: `packages/server/src/services/dataset/index.ts` Root cause:
CVE-2026-46476	hig	—	< 3.1.2	3.1.2	May 14, 2026	## Summary Type: Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the CustomTemplate entity -> cross-workspace data takeover and IDOR. File: `packages/server/src/services/marketplaces/index.ts` **Ro
CVE-2026-46475	hig	—	< 3.1.2	3.1.2	May 14, 2026	## Summary Type: Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the Assistant entity -> cross-workspace data takeover and IDOR. File: `packages/server/src/services/assistants/index.ts` **Root caus
CVE-2026-46444	hig	—	< 3.1.2	3.1.2	May 14, 2026	### FINDING 4: OpenAI Assistants Vector Store - No Auth on CRUD Operations Severity: HIGH (CVSS ~8.1) Type: CWE-306 (Missing Authentication for Critical Function) File: `packages/server/src/routes/openai-assistants-vector-store/index.ts` Description: ALL CRUD end
CVE-2026-46443	hig	—	< 3.1.2	3.1.2	May 14, 2026	Severity: HIGH (CVSS ~7.5) Type: CWE-200 (Exposure of Sensitive Information) File: `packages/server/src/services/credentials/index.ts:62-71` Description: When credentials are fetched with a `credentialName` filter parameter, the `encryptedData` field is NOT strip
CVE-2026-46442	cri	—	< 3.1.2	3.1.2	May 14, 2026	### Summary `POST /api/v1/node-custom-function` lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the `Custom JS Function` node. When `E2B_APIKEY` is not configured — the common deployment case — Flowise executes this
CVE-2026-46441	hig	—	< 3.1.2	3.1.2	May 14, 2026	### Summary A Mass Assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Due to missing
CVE-2026-46440	hig	—	< 3.1.2	3.1.2	May 14, 2026	Detection Method: Kolega.dev Deep Code Scan \| Attribute \| Value \| \|---\|---\| \| Severity \| Medium \| \| CWE \| CWE-522 (Insufficiently Protected Credentials) \| \| Location \| packages/server/src/enterprise/controllers/account.controller.ts:128-135 \| \| Practical Exploitability \| Med
CVE-2026-42863	hig	—	< 3.1.2	3.1.2	May 14, 2026	### Summary A Mass Assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object. Due to miss
CVE-2026-42862	hig	—	< 3.1.2	3.1.2	May 14, 2026	### Summary A Mass Assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a tool resource. Due to missing server-sid
CVE-2026-42861	hig	—	< 3.1.2	3.1.2	May 14, 2026	### Summary A Mass Assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource. Due to missing se
CVE-2026-43995	Cri	9.8	< 3.1.0	3.1.0	May 11, 2026	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients (node-fetch, axios) instead of using the secured wrapper. These tools include (1) OpenAPIToolkit/Open
CVE-2026-8026	Low	3.7	<= 3.0.12	—	May 6, 2026	A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can b
CVE-2026-41274	Cri	9.8	< 3.1.0	3.1.0	Apr 23, 2026	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher
CVE-2026-41279	Hig	7.5	< 3.1.0	3.1.0	Apr 23, 2026	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId directly in the request body. When called wit
CVE-2026-41278	Hig	7.5	< 3.1.0	3.1.0	Apr 23, 2026	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initial
CVE-2026-41277	Hig	8.8	< 3.1.0	3.1.0	Apr 23, 2026	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key (id) and internal state fields of DocumentStore en

CVE-2026-46480higMay 14, 2026
affected < 3.1.2fixed 3.1.2
## Summary **Type:** Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the Evaluator entity -> cross-workspace data takeover and IDOR. **File:** `packages/server/src/Interface.Evaluation.ts` **Root cause:**
CVE-2026-46479higMay 14, 2026
affected < 3.1.2fixed 3.1.2
## Summary **Type:** Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the Evaluation entity -> cross-workspace data takeover and IDOR. **File:** `packages/server/src/services/evaluations/index.ts` **Root ca
CVE-2026-46478higMay 14, 2026
affected < 3.1.2fixed 3.1.2
## Summary **Type:** Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the DatasetRow entity -> cross-workspace data takeover and IDOR. **File:** `packages/server/src/services/dataset/index.ts` **Root cause:
CVE-2026-46477higMay 14, 2026
affected < 3.1.2fixed 3.1.2
## Summary **Type:** Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the Dataset entity -> cross-workspace data takeover and IDOR. **File:** `packages/server/src/services/dataset/index.ts` **Root cause:**
CVE-2026-46476higMay 14, 2026
affected < 3.1.2fixed 3.1.2
## Summary **Type:** Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the CustomTemplate entity -> cross-workspace data takeover and IDOR. **File:** `packages/server/src/services/marketplaces/index.ts` **Ro
CVE-2026-46475higMay 14, 2026
affected < 3.1.2fixed 3.1.2
## Summary **Type:** Mass assignment via `Object.assign(entity, body)` -> client-controlled `workspaceId` (and on create, `id`) overwritten on the Assistant entity -> cross-workspace data takeover and IDOR. **File:** `packages/server/src/services/assistants/index.ts` **Root caus
CVE-2026-46444higMay 14, 2026
affected < 3.1.2fixed 3.1.2
### FINDING 4: OpenAI Assistants Vector Store - No Auth on CRUD Operations **Severity**: HIGH (CVSS ~8.1) **Type**: CWE-306 (Missing Authentication for Critical Function) **File**: `packages/server/src/routes/openai-assistants-vector-store/index.ts` **Description**: ALL CRUD end
CVE-2026-46443higMay 14, 2026
affected < 3.1.2fixed 3.1.2
**Severity**: HIGH (CVSS ~7.5) **Type**: CWE-200 (Exposure of Sensitive Information) **File**: `packages/server/src/services/credentials/index.ts:62-71` **Description**: When credentials are fetched with a `credentialName` filter parameter, the `encryptedData` field is NOT strip
CVE-2026-46442criMay 14, 2026
affected < 3.1.2fixed 3.1.2
### Summary `POST /api/v1/node-custom-function` lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the `Custom JS Function` node. When `E2B_APIKEY` is not configured — the common deployment case — Flowise executes this
CVE-2026-46441higMay 14, 2026
affected < 3.1.2fixed 3.1.2
### Summary A Mass Assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assistant resource. Due to missing
CVE-2026-46440higMay 14, 2026
affected < 3.1.2fixed 3.1.2
**Detection Method:** Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Severity | Medium | | CWE | CWE-522 (Insufficiently Protected Credentials) | | Location | packages/server/src/enterprise/controllers/account.controller.ts:128-135 | | Practical Exploitability | Med
CVE-2026-42863higMay 14, 2026
affected < 3.1.2fixed 3.1.2
### Summary A Mass Assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object. Due to miss
CVE-2026-42862higMay 14, 2026
affected < 3.1.2fixed 3.1.2
### Summary A Mass Assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a tool resource. Due to missing server-sid
CVE-2026-42861higMay 14, 2026
affected < 3.1.2fixed 3.1.2
### Summary A Mass Assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource. Due to missing se
CVE-2026-43995CriMay 11, 2026
affected < 3.1.0fixed 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, multiple tool implementations directly import and invoke raw HTTP clients (node-fetch, axios) instead of using the secured wrapper. These tools include (1) OpenAPIToolkit/Open
CVE-2026-8026LowMay 6, 2026
affected <= 3.0.12
A security flaw has been discovered in FlowiseAI Flowise up to 3.0.12. Affected is the function Login of the file packages/server/src/enterprise/services/account.service.ts of the component API Response Handler. The manipulation results in information disclosure. The attack can b
CVE-2026-41274CriApr 23, 2026
affected < 3.1.0fixed 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher
CVE-2026-41279HigApr 23, 2026
affected < 3.1.0fixed 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId directly in the request body. When called wit
CVE-2026-41278HigApr 23, 2026
affected < 3.1.0fixed 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GET /api/v1/public-chatflows/:id endpoint returns the full chatflow object without sanitization for public chatflows. Docker validation revealed this is worse than initial
CVE-2026-41277HigApr 23, 2026
affected < 3.1.0fixed 3.1.0
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key (id) and internal state fields of DocumentStore en

Page 1 of 4