CVE-2026-42861
Status: Received - Intake
Mass Assignment in FlowiseAI Prior to Version 3.1.2

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: GitHub, Inc.

Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource. Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign variables to arbitrary workspaces. This behavior may break tenant isolation in multi-workspace environments. This issue has been patched in version 3.1.2.
Meta Information
Published: 2026-06-08
Last Modified: 2026-06-08
Generated: 2026-06-09
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE

Vendor      Product   Version / Range
flowiseai   flowise   up to 3.1.2 (excluding)
CWE ID    Description
CWE-915   The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
CWE-284   The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-639   The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Executive Summary

CVE-2026-42861 is a mass assignment vulnerability in FlowiseAI versions prior to 3.1.2, specifically in the variable update endpoint. Authenticated users can modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource. Because of missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field to reassign variables to arbitrary workspaces.

This allows an attacker to break tenant isolation in multi-workspace environments by reassigning variables across workspaces without proper authorization.

Impact Analysis

An attacker with low privileges, and with no user interaction required, can use this vulnerability to bypass tenant isolation in multi-workspace environments.

  • Unauthorized reassignment of variables to arbitrary workspaces.
  • Modification of server-controlled metadata such as createdDate and updatedDate.
  • Potential compromise of confidentiality and integrity of data within the affected workspaces.

The vulnerability does not affect availability but poses a high severity risk with a CVSS score of 7.6.

Detection Guidance

This vulnerability exists in the variable update endpoint of FlowiseAI versions prior to 3.1.2, specifically in the PUT /api/v1/variables/{variableId} API endpoint. Detection involves monitoring or inspecting requests to this endpoint for unauthorized modification of server-controlled properties such as workspaceId, createdDate, and updatedDate.

You can detect potential exploitation by capturing and analyzing HTTP PUT requests to /api/v1/variables/{variableId} and checking if the JSON request body contains modifications to workspaceId or other server-controlled fields.

  • Capture HTTP PUT requests to the variable update endpoint with a network capture tool such as tcpdump or Wireshark.
  • Example command to capture traffic on port 80 or 443 (adjust as needed): tcpdump -i any -A 'tcp port 80 or tcp port 443' | grep 'PUT /api/v1/variables/'. Traffic on port 443 is TLS-encrypted, so the grep only matches plaintext; for HTTPS deployments capture behind the TLS terminator or rely on application logs instead.
  • Use curl or a similar tool against a test instance to check whether an authenticated user can change server-controlled fields when updating a variable.
  • Check application logs for updates to variables in which workspaceId, createdDate or updatedDate are changed by authenticated users.

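The log check described above, written out as an added example (this is not Flowise's code and not a detection the page supplies). It assumes a JSON-lines request log with ts, user, method, path and body fields, which is a constructed format; the request body must actually be logged for this to work, so adapt parseLogLine() to what your reverse proxy or application emits.

```javascript
// Added example (not Flowise's code): flag variable-update requests whose body
// carries a server-controlled field. The JSON-lines log format with ts/user/
// method/path/body fields is constructed for this example; adapt parseLogLine()
// to what your reverse proxy or application actually emits.

// Properties the server should own on a variable resource (named in the advisory).
const SERVER_CONTROLLED_FIELDS = ["workspaceId", "createdDate", "updatedDate"];

// PUT /api/v1/variables/{variableId}, with an optional query string.
const VARIABLE_UPDATE_PATH = /^\/api\/v1\/variables\/[^/?]+(\?.*)?$/;

// Parse one log line; returns null for lines that are not usable records.
function parseLogLine(line) {
  try {
    const rec = JSON.parse(line);
    if (!rec || typeof rec.method !== "string" || typeof rec.path !== "string") return null;
    return rec;
  } catch {
    return null;
  }
}

// Returns a finding when the record is a variable update that sets a
// server-controlled field, otherwise null. The body may be logged either as an
// object or as a raw JSON string.
function checkRecord(rec) {
  if (rec.method !== "PUT" || !VARIABLE_UPDATE_PATH.test(rec.path)) return null;
  let body = rec.body;
  if (typeof body === "string") {
    try { body = JSON.parse(body); } catch { return null; }
  }
  if (!body || typeof body !== "object" || Array.isArray(body)) return null;
  const fields = SERVER_CONTROLLED_FIELDS.filter((f) =>
    Object.prototype.hasOwnProperty.call(body, f)
  );
  return fields.length ? { ts: rec.ts, user: rec.user, path: rec.path, fields } : null;
}

// Scan a block of JSON-lines text and return every finding, in log order.
function scanLog(text) {
  const findings = [];
  for (const line of text.split("\n")) {
    const rec = parseLogLine(line);
    const finding = rec && checkRecord(rec);
    if (finding) findings.push(finding);
  }
  return findings;
}

// Constructed sample lines: one benign update, one update that moves the
// variable to another workspace (body logged as a string), one GET, one update
// that backdates timestamps, and one unparseable line.
const SAMPLE_LOG = [
  '{"ts":"2026-06-08T10:00:00Z","user":"alice","method":"PUT","path":"/api/v1/variables/var-1","body":{"name":"API_KEY","value":"x","type":"static"}}',
  '{"ts":"2026-06-08T10:01:00Z","user":"bob","method":"PUT","path":"/api/v1/variables/var-2","body":"{\\"name\\":\\"DB_URL\\",\\"workspaceId\\":\\"ws-other\\"}"}',
  '{"ts":"2026-06-08T10:02:00Z","user":"bob","method":"GET","path":"/api/v1/variables/var-2"}',
  '{"ts":"2026-06-08T10:03:00Z","user":"carol","method":"PUT","path":"/api/v1/variables/var-3?x=1","body":{"createdDate":"2020-01-01T00:00:00Z","updatedDate":"2020-01-01T00:00:00Z"}}',
  "not a json record",
].join("\n");

for (const f of scanLog(SAMPLE_LOG)) {
  console.log(`${f.ts} user=${f.user} ${f.path} sets server-controlled field(s): ${f.fields.join(", ")}`);
}
```

On the sample input the scan reports bob's update (workspaceId) and carol's update (createdDate, updatedDate) and ignores the benign update, the GET and the unparseable line. Because a legitimate client may echo back fields it received in a GET, treat a hit as a lead to correlate with the variable's workspace before and after the request rather than as proof of exploitation.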
Mitigation Strategies

The primary mitigation step is to upgrade FlowiseAI to version 3.1.2 or later, where this mass assignment vulnerability has been patched.

Until the upgrade can be applied, restrict access to the variable update endpoint to trusted users only, and monitor for suspicious activity involving modification of workspaceId or other server-controlled properties.

Implement additional server-side validation and authorization checks if possible, to ensure that users cannot modify workspaceId or other sensitive fields.
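The server-side allow-list and ownership check described above, as an added example that is not Flowise's handler or its patch. The mass-assignment shape is shown beside the hardened shape so the difference is visible; the in-memory Map store, the client-editable field names name/value/type and the caller.workspaceId session value are assumptions made for the example.

```javascript
// Added example (not Flowise's code): the mass-assignment shape the advisory
// describes, beside an allow-list version. The Map store, the field names
// name/value/type and the caller object are assumptions for this example.

// Constructed store: two variables owned by two different workspaces.
function makeStore() {
  return new Map([
    ["var-1", { id: "var-1", workspaceId: "ws-a", name: "API_KEY", value: "old", type: "static",
                createdDate: "2026-06-01T00:00:00Z", updatedDate: "2026-06-01T00:00:00Z" }],
    ["var-2", { id: "var-2", workspaceId: "ws-b", name: "DB_URL", value: "pg://db", type: "static",
                createdDate: "2026-06-01T00:00:00Z", updatedDate: "2026-06-01T00:00:00Z" }],
  ]);
}

// Vulnerable shape: every property of the request body is copied onto the
// entity and the caller's workspace is never compared with the variable's, so
// workspaceId, createdDate and updatedDate are all rewritable by the client.
function updateVariableVulnerable(store, caller, variableId, body) {
  const variable = store.get(variableId);
  if (!variable) throw new Error("not found");
  Object.assign(variable, body); // mass assignment: no allow-list, no ownership check
  return variable;
}

// Fields a client is allowed to set on a variable (assumed for the example).
const CLIENT_EDITABLE_FIELDS = ["name", "value", "type"];

// Hardened shape: (1) the variable must belong to the caller's workspace,
// (2) only allow-listed fields are copied, (3) the server owns updatedDate.
function updateVariableHardened(store, caller, variableId, body, now = () => new Date().toISOString()) {
  const variable = store.get(variableId);
  // Same error for "missing" and "not in your workspace", so the endpoint does
  // not confirm that a variable exists in another tenant's workspace.
  if (!variable || variable.workspaceId !== caller.workspaceId) {
    throw new Error("not found");
  }
  if (!body || typeof body !== "object" || Array.isArray(body)) throw new Error("bad request");
  for (const field of CLIENT_EDITABLE_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(body, field)) {
      if (typeof body[field] !== "string") throw new Error(`bad request: ${field}`);
      variable[field] = body[field];
    }
  }
  // Anything else in the body (workspaceId, createdDate, updatedDate, ...) is ignored.
  variable.updatedDate = now();
  return variable;
}

// Demonstration: the same request body against both handlers.
const request = { value: "new", workspaceId: "ws-b", createdDate: "1999-01-01T00:00:00Z" };
const caller = { workspaceId: "ws-a" };

const vulnerable = updateVariableVulnerable(makeStore(), caller, "var-1", request);
console.log("vulnerable:", vulnerable.workspaceId, vulnerable.createdDate); // ws-b 1999-...

const hardened = updateVariableHardened(makeStore(), caller, "var-1", request);
console.log("hardened:  ", hardened.workspaceId, hardened.createdDate);    // ws-a 2026-06-01...
```

The ownership comparison addresses the CWE-639 part of the finding (the variableId is a client-chosen key) and the allow-list addresses the CWE-915 part; an allow-list alone would still let a caller in one workspace edit a variable in another, and an ownership check alone would still let the owner move the variable elsewhere.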

Review and tighten API permissions and roles to limit who can update variables.

Compliance Impact

The vulnerability allows authenticated users to manipulate server-controlled properties and reassign variables to arbitrary workspaces, potentially breaking tenant isolation in multi-workspace environments.

This breach of tenant isolation can impact confidentiality and integrity of data, which are critical aspects of compliance with standards like GDPR and HIPAA that require strict data segregation and protection.

By enabling unauthorized modification of metadata and cross-workspace data reassignment, the vulnerability could lead to unauthorized access or data leakage, thereby risking non-compliance with regulations that mandate data privacy and access controls.
