CVE-2026-42862
Mass Assignment in FlowiseAI Prior to Version 3.1.2

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: GitHub, Inc.

Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a tool resource. Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign tools to arbitrary workspaces. This breaks tenant isolation in multi-workspace environments. This issue has been patched in version 3.1.2.
Generated: 2026-06-09
Affected Vendors & Products

Vendor: flowiseai
Product: flowise
Version / Range: up to 3.1.2 (excluding 3.1.2)
CWE ID Description
CWE-915 The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
AI Quick Actions
Executive Summary

This vulnerability is a mass assignment flaw in the tool update endpoint of FlowiseAI versions prior to 3.1.2. Authenticated users can modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a tool resource. Because the server lacks proper validation and authorization checks, an attacker can manipulate the workspaceId field to reassign tools to arbitrary workspaces.

This means the attacker can break tenant isolation in environments where multiple workspaces exist by moving tools between workspaces without permission. The root cause is that the server merges user-supplied JSON data directly into the database entity without restricting which fields can be modified.

Impact Analysis

The vulnerability allows an attacker with low privileges to reassign tools to different workspaces, breaking tenant isolation in multi-workspace environments. This can lead to unauthorized access and modification of tools and their metadata across workspaces.

The impacts include high confidentiality and integrity risks because attackers can manipulate data they should not have access to. However, availability is not affected by this vulnerability.

Detection Guidance

This vulnerability can be detected by monitoring and inspecting requests to the tool update endpoint of FlowiseAI, specifically the PUT /api/v1/tools/{toolId} API call.

Look for authenticated requests that include unexpected or unauthorized modifications to server-controlled properties such as workspaceId, createdDate, or updatedDate in the JSON request body.

Commands or methods to detect this may include:

  • Using network traffic capture tools (e.g., tcpdump, Wireshark) to capture HTTP PUT requests to /api/v1/tools/* and analyze the JSON payload for unauthorized fields.
  • Using API gateway or web application firewall (WAF) logs to identify requests modifying workspaceId or other server-controlled fields.
  • If you have access to the server logs, search for update requests where workspaceId or createdDate/updatedDate fields are changed by users who should not have such permissions.
  • Example command to capture relevant HTTP requests with tcpdump (replace <interface> with your network interface): tcpdump -i <interface> -A -s 0 'tcp port 80 or tcp port 443' | grep -i 'PUT /api/v1/tools/'. Note that the grep only matches plaintext HTTP; on port 443 the payload is TLS-encrypted, so inspect the requests at the TLS-terminating proxy or in application logs instead.
Mitigation Strategies

The immediate and recommended mitigation is to upgrade FlowiseAI to version 3.1.2 or later, where this mass assignment vulnerability has been patched.

Until the upgrade can be performed, restrict access to the tool update endpoint to only trusted and authorized users to reduce the risk of exploitation.

Implement additional server-side validation and authorization checks to ensure that users cannot modify server-controlled properties such as workspaceId, createdDate, and updatedDate.
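The vulnerable merge named as the root cause above, beside the allowlist and ownership check this mitigation calls for, as an added TypeScript example; it is not Flowise code. The field names workspaceId, createdDate and updatedDate come from the advisory; the Tool shape, the allowlist, the caller-workspace parameter and the sample request body are assumptions constructed for the example.

```typescript
// Added example, not Flowise code. Field names are from the advisory; the
// Tool shape, allowlist and sample data are assumptions made for this demo.
interface Tool {
  id: string;
  name: string;
  description: string;
  workspaceId: string;   // server-controlled
  createdDate: string;   // server-controlled
  updatedDate: string;   // server-controlled
}

// The only fields a client may set through the update endpoint.
const UPDATABLE_FIELDS = ["name", "description"] as const;

// Vulnerable pattern: the whole request body is merged into the entity,
// so workspaceId/createdDate/updatedDate are overwritten by the caller.
function updateToolVulnerable(existing: Tool, body: Record<string, unknown>): Tool {
  return Object.assign({}, existing, body) as Tool;
}

// Hardened pattern: reject cross-workspace updates, copy only allowlisted
// string fields, and set updatedDate on the server side.
function updateToolHardened(
  existing: Tool,
  body: Record<string, unknown>,
  callerWorkspaceId: string,
  now: () => string = () => new Date().toISOString(),
): Tool {
  if (existing.workspaceId !== callerWorkspaceId) {
    throw new Error("forbidden: tool belongs to another workspace");
  }
  const updated: Tool = { ...existing };
  for (const field of UPDATABLE_FIELDS) {
    const value = body[field];
    if (typeof value === "string") updated[field] = value;
  }
  updated.updatedDate = now();
  return updated;
}

// Body keys outside the allowlist: a cheap detection signal worth logging.
function rejectedFields(body: Record<string, unknown>): string[] {
  const allowed: readonly string[] = UPDATABLE_FIELDS;
  return Object.keys(body).filter((k) => !allowed.includes(k));
}

// Constructed sample: a caller in workspace ws-A tries to move the tool to ws-B.
const SAMPLE_TOOL: Tool = { id: "tool-1", name: "Search", description: "",
  workspaceId: "ws-A", createdDate: "2026-01-01T00:00:00.000Z",
  updatedDate: "2026-01-01T00:00:00.000Z" };
const SAMPLE_BODY = { name: "Search v2", workspaceId: "ws-B",
  createdDate: "2000-01-01T00:00:00.000Z" };
```

Logging the output of rejectedFields for each update request gives the server-side signal the detection guidance above describes, independent of whether the transport is TLS.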

Monitor logs and network traffic for suspicious activity involving modification of these fields.

Compliance Impact

The vulnerability allows authenticated users to manipulate workspace assignments and metadata without proper authorization, breaking tenant isolation in multi-workspace environments.

This unauthorized access and modification can lead to confidentiality and integrity breaches of data across different tenants or workspaces.

Such breaches may impact compliance with standards and regulations like GDPR and HIPAA, which require strict access controls and data segregation to protect personal and sensitive information.
