CVE-2026-42863
Status: Received - Intake
Mass Assignment in Flowise Prior to 3.1.2

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: GitHub, Inc.

Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object. Due to missing server-side validation and authorization checks, an authenticated user can manipulate internal attributes of a chatflow and reassign it to another workspace. This allows cross-workspace resource reassignment and unauthorized modification of deployment and visibility settings. This issue has been patched in version 3.1.2.
Meta Information
Published: 2026-06-08
Last Modified: 2026-06-08
Generated: 2026-06-09
CVSS Scores: not yet available
EPSS Scores: not yet evaluated
Affected Vendors & Products
Vendor: flowiseai
Product: flowise
Version / Range: all versions before 3.1.2 (3.1.2 itself is not affected)
CWE
CWE ID Description
CWE-915 The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Compliance Impact

The vulnerability allows unauthorized modification and reassignment of chatflows across workspaces, breaking tenant isolation in multi-tenant environments. This can lead to unauthorized access and modification of sensitive data, resulting in high confidentiality and integrity loss.

Such unauthorized access and data manipulation could potentially violate compliance requirements under standards like GDPR and HIPAA, which mandate strict controls on data access, integrity, and tenant isolation to protect personal and sensitive information.

Executive Summary

This vulnerability is a mass assignment issue (CWE-915) in the chatflow update endpoint of FlowiseAI versions up to and including 3.1.1. The endpoint binds the client-supplied JSON body onto the stored chatflow without an allowlist, so an authenticated user can set server-controlled properties such as deployment status (deployed), visibility (isPublic), workspace assignment (workspaceId), and timestamps (createdDate, updatedDate) that should only ever be changed by the server or through separately authorized actions.

Because the endpoint also does not verify that the caller is entitled to the target workspace, an attacker can reassign a chatflow to another workspace, change its deployment state, or alter its visibility. This breaks tenant isolation in multi-tenant deployments: moving a chatflow into a workspace the attacker controls gives them effective ownership of it, and flipping isPublic or deployed exposes or silences a flow the attacker does not own.

The issue was fixed in version 3.1.2.

Impact Analysis

This vulnerability allows unauthorized modification of chatflow objects, including their deployment status, visibility, workspace assignment, and creation/update timestamps.

It breaks tenant isolation in multi-tenant environments: any valid account can reassign chatflows across workspaces and thereby take control of workflows it was never granted access to. Forged timestamps additionally undermine the audit trail for those objects.

The impact is high confidentiality and integrity loss, since workflow configuration (and any data a chatflow exposes once made public or deployed) can be manipulated by an attacker holding only low privileges, with no user interaction required.

Detection Guidance

Detection focuses on the chatflow update endpoint (PUT /api/v1/chatflows/{chatflowId}): inspect the JSON body of each update request for the server-controlled keys deployed, isPublic, workspaceId, createdDate, and updatedDate. The official Flowise UI does not send those keys on a routine edit, so their presence in a request body is itself a strong signal, and a workspaceId that differs from the chatflow's current workspace is a direct indicator of the cross-workspace reassignment described in this advisory.

Request bodies are rarely captured by default web-server access logs, so enable body logging for this path at the reverse proxy or in application middleware and run the rule over that log. Packet capture with tcpdump or Wireshark only helps where the traffic is visible in plaintext, for example on the loopback leg between a TLS-terminating proxy and the Flowise process; on a TLS-only path it sees nothing useful.

On the server side, compare pre- and post-update records for changes to workspaceId, deployed, or isPublic that were not made through the corresponding administrative action, and review which account performed them.

To validate a rule before relying on it, send a crafted PUT with one of the flagged keys (for example isPublic) against a non-production instance using curl and confirm the alert fires.
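The following is an added detection example, not code from Flowise or from this advisory. It assumes a reverse proxy or middleware that writes one JSON object per request with the fields ts, method, path, user and the parsed body (a constructed log format, not a Flowise feature), and it flags any update request that carries one of the server-controlled keys named above.

```javascript
// Added example, not Flowise source. Scans JSON-per-line request logs for
// chatflow updates that try to set server-controlled properties.
// The log schema (ts, method, path, user, body) is an assumption.

const SERVER_CONTROLLED = ["deployed", "isPublic", "workspaceId", "createdDate", "updatedDate"];
const UPDATE_PATH = /^\/api\/v1\/chatflows\/[^/]+$/;   // PUT /api/v1/chatflows/{chatflowId}

function findMassAssignmentAttempts(logLines) {
  const hits = [];
  for (const line of logLines) {
    let entry;
    try {
      entry = JSON.parse(line);
    } catch {
      continue; // not a JSON log record (e.g. a proxy startup message)
    }
    if (entry.method !== "PUT" || !UPDATE_PATH.test(entry.path || "")) continue;

    const body = entry.body && typeof entry.body === "object" ? entry.body : {};
    // Use hasOwnProperty so a key set to false/null still counts as an attempt.
    const touched = SERVER_CONTROLLED.filter((k) => Object.prototype.hasOwnProperty.call(body, k));
    if (touched.length === 0) continue;

    hits.push({
      ts: entry.ts,
      user: entry.user,
      path: entry.path,
      fields: touched,
      // Presence of workspaceId is the reassignment signal; whether it actually
      // differs from the chatflow's current workspace needs a database join.
      attemptsReassignment: touched.includes("workspaceId"),
    });
  }
  return hits;
}

// Constructed sample log: one benign edit, one attack, one irrelevant GET, one junk line.
const SAMPLE_LOG = [
  JSON.stringify({ ts: "2026-06-08T10:00:00Z", method: "PUT", path: "/api/v1/chatflows/cf-1",
    user: "alice", body: { name: "Support bot", flowData: "{}" } }),
  JSON.stringify({ ts: "2026-06-08T10:01:00Z", method: "PUT", path: "/api/v1/chatflows/cf-1",
    user: "mallory", body: { name: "Support bot", workspaceId: "ws-mallory", isPublic: true } }),
  JSON.stringify({ ts: "2026-06-08T10:02:00Z", method: "GET", path: "/api/v1/chatflows/cf-1",
    user: "mallory" }),
  "proxy: worker 3 started",
];

function demo() {
  const hits = findMassAssignmentAttempts(SAMPLE_LOG);
  for (const h of hits) {
    console.log(`${h.ts} ${h.user} ${h.path} set ${h.fields.join(",")} reassignment=${h.attemptsReassignment}`);
  }
  return hits;
}

demo();
```

Run with node; only the second record is reported. Key order in `fields` follows SERVER_CONTROLLED, so a body with isPublic and workspaceId is reported as isPublic,workspaceId.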

Mitigation Strategies

The immediate mitigation is to upgrade Flowise to version 3.1.2 or later, where this mass assignment vulnerability has been patched.

Until the upgrade can be applied, limit who can reach the chatflow update endpoint, for example by placing the instance behind an authenticating reverse proxy and rejecting PUT requests to /api/v1/chatflows/{chatflowId} whose JSON body contains deployed, isPublic, workspaceId, createdDate, or updatedDate. Monitor for such requests as described under Detection Guidance, and audit existing chatflows for unexpected workspace, visibility, or deployment changes.

For operators maintaining their own fork or middleware, the durable fix is an allowlist of client-editable fields on the update path (rather than a blocklist of known-bad ones), server-assigned timestamps, and an explicit check that the caller belongs to the workspace that owns the chatflow before any update is applied.
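As an added illustration of the fix, not Flowise's actual implementation, the block below shows the vulnerable merge pattern next to a hardened update function. The editable field names (name, flowData, chatbotConfig, apiConfig, category) and the shape of the actor and chatflow objects are assumptions for this example; the set of server-controlled fields comes from the advisory text.

```javascript
// Added example, not Flowise source. Contrasts an unrestricted merge (the
// CWE-915 pattern) with an allowlisted, workspace-checked update.
// Field names other than those in the advisory are assumed.

const CLIENT_EDITABLE = new Set(["name", "flowData", "chatbotConfig", "apiConfig", "category"]);

// Vulnerable pattern: whatever the client sends is merged onto the entity,
// so workspaceId, deployed, isPublic and timestamps are all client-controlled.
function vulnerableUpdate(existing, body) {
  return Object.assign({}, existing, body);
}

// Hardened pattern:
//  1. authorize against the chatflow's *current* workspace, never the body's;
//  2. copy only allowlisted keys, silently dropping everything else;
//  3. the server, not the client, sets updatedDate (passed in for testability).
function hardenedUpdate(existing, body, actor, now) {
  if (existing.workspaceId !== actor.workspaceId) {
    throw new Error("forbidden: chatflow belongs to another workspace");
  }
  const update = {};
  for (const [key, value] of Object.entries(body)) {
    if (CLIENT_EDITABLE.has(key)) update[key] = value;
  }
  return { ...existing, ...update, updatedDate: now };
}

// Constructed sample data.
const EXISTING = {
  id: "cf-1", name: "Support bot", flowData: "{}", workspaceId: "ws-acme",
  deployed: false, isPublic: false,
  createdDate: "2026-01-01T00:00:00Z", updatedDate: "2026-01-01T00:00:00Z",
};
const ATTACK_BODY = {
  name: "Support bot", workspaceId: "ws-mallory", isPublic: true, deployed: true,
  createdDate: "2020-01-01T00:00:00Z",
};
const MALLORY = { id: "u-mallory", workspaceId: "ws-mallory" };
const ALICE = { id: "u-alice", workspaceId: "ws-acme" };
const NOW = "2026-06-08T12:00:00Z";

function demo() {
  const stolen = vulnerableUpdate(EXISTING, ATTACK_BODY);
  console.log("vulnerable: workspace now", stolen.workspaceId, "public", stolen.isPublic);

  let blocked = false;
  try {
    hardenedUpdate(EXISTING, ATTACK_BODY, MALLORY, NOW);
  } catch (e) {
    blocked = true;
    console.log("hardened (cross-workspace):", e.message);
  }

  // A legitimate member can still edit, but cannot smuggle server-controlled keys.
  const safe = hardenedUpdate(EXISTING, { name: "Support bot v2", isPublic: true }, ALICE, NOW);
  console.log("hardened (same workspace): name", safe.name, "public", safe.isPublic);
  return { stolen, blocked, safe };
}

demo();
```

The allowlist is the important design choice: a blocklist of the five fields named in the advisory would have to be kept in sync with every future entity column, while an allowlist fails closed when a new server-managed field is added.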
