CVE-2026-46444
Status: Received (Intake)
Unauthenticated CRUD Access in Flowise AI

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: GitHub, Inc.

Description
Flowise is a drag & drop user interface for building a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for the OpenAI Assistants Vector Store have no authentication middleware, and the route path /api/v1/openai-assistants-vector-store is not in WHITELIST_URLS. However, it is also not protected by the main auth middleware when accessed via API key: the route requires API key auth (it is not whitelisted), but no permission checks exist on any operation. This issue has been patched in version 3.1.2.
Meta Information
Published: 2026-06-08
Last Modified: 2026-06-08
Generated: 2026-06-09
AI Q&A: 2026-06-08
EPSS Evaluated: N/A
Affected Vendors & Products (2 associated CPEs)
Vendor: flowise; Product: flowise; Version / Range: all versions up to 3.1.2 (3.1.2 excluded)
Vendor: openai; Product: assistants_vector_store; Version / Range: all versions up to 3.1.2 (3.1.2 excluded)
CWE-862: The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-46444 is a high-severity vulnerability in FlowiseAI's Flowise software versions 3.1.1 and earlier. It affects the OpenAI Assistants Vector Store CRUD endpoints, which lack proper permission checks and authentication middleware.

Specifically, all create, read, update, and delete operations for vector stores and file uploads do not enforce authorization, allowing any authenticated user to perform these actions regardless of their role.

This means unauthorized users can manipulate vector stores, upload malicious files, delete data, or exfiltrate stored documents. The root cause is the absence of the `checkAnyPermission()` middleware on these endpoints.

The vulnerability has been patched in version 3.1.2.

Impact Analysis

This vulnerability can have severe impacts on confidentiality, integrity, and availability of your data.

  • Unauthorized users can manipulate vector stores, potentially corrupting or altering important data.
  • Malicious files can be uploaded, which may lead to further exploitation or compromise of the system.
  • Data can be deleted or exfiltrated by unauthorized users, leading to data loss or leakage.

Overall, the vulnerability poses a significant risk to system security and data protection.

Detection Guidance

This vulnerability can be detected by checking whether the Flowise instance is running a version prior to 3.1.2 and by verifying whether the /api/v1/openai-assistants-vector-store endpoints enforce permission checks at all.

Specifically, you can attempt to perform CRUD operations on the OpenAI Assistants Vector Store endpoints using an authenticated API key and observe whether actions the key's role should not permit, such as creating, updating, or deleting vector stores, or uploading files, are allowed without permission validation.

Example commands to test this might include using curl to send requests to these endpoints:

  • curl -X GET -H "Authorization: Bearer <API_KEY>" https://<flowise-host>/api/v1/openai-assistants-vector-store
  • curl -X POST -H "Authorization: Bearer <API_KEY>" -d '{"data": "test"}' https://<flowise-host>/api/v1/openai-assistants-vector-store
  • curl -X DELETE -H "Authorization: Bearer <API_KEY>" https://<flowise-host>/api/v1/openai-assistants-vector-store/<id>

If these operations succeed with an API key whose role should not be permitted to perform them, the system is vulnerable.

Mitigation Strategies

The immediate step to mitigate this vulnerability is to upgrade Flowise to version 3.1.2 or later, where the missing permission checks have been properly implemented.

Until the upgrade can be applied, restrict access to the /api/v1/openai-assistants-vector-store endpoints by limiting network access or applying additional authentication and authorization controls externally.

Additionally, monitor logs for any unauthorized access attempts to these endpoints and revoke any compromised API keys.
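The following Python script is an added example, not part of this CVE record or of the Flowise project. It covers two of the defensive steps above: deciding from a reported version string whether an instance falls in the affected range (before 3.1.2), and triaging access logs from the reverse proxy in front of Flowise for requests that reached the vector-store route, so that served mutating calls and their source addresses can be reviewed and the corresponding API keys revoked. The log lines are constructed for the demonstration, the Combined Log Format layout is an assumption about how the proxy logs, and the unrelated route /api/v1/other-endpoint is a placeholder.

```python
"""Version check and access-log triage for the Flowise vector-store route (added example)."""
import re
from collections import Counter

FIXED_VERSION = (3, 1, 2)                        # first release carrying the permission checks
VULN_ROUTE = "/api/v1/openai-assistants-vector-store"
MUTATING = {"POST", "PUT", "PATCH", "DELETE"}

# Assumed: the proxy in front of Flowise writes Combined Log Format request lines.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_version(version: str) -> tuple:
    """'3.1.1', 'v3.0.5' or '3.2' -> zero-padded (major, minor, patch) tuple.
    Pre-release suffixes such as '-rc1' are ignored; treat such builds as unpatched if in doubt."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    parts = tuple(int(x) for x in m.group(1).split("."))
    return (parts + (0, 0, 0))[:3]


def is_affected(version: str) -> bool:
    """True when the reported Flowise version is older than the fixed release 3.1.2."""
    return parse_version(version) < FIXED_VERSION


def triage_access_log(lines):
    """One finding per request whose path is the vector-store route or a sub-path of it."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                               # not a request line in the expected layout
        path = m.group("path").split("?", 1)[0]    # drop any query string before matching
        if path != VULN_ROUTE and not path.startswith(VULN_ROUTE + "/"):
            continue
        status = int(m.group("status"))
        findings.append({
            "ip": m.group("ip"),
            "time": m.group("time"),
            "method": m.group("method"),
            "path": path,
            "status": status,
            "served": 200 <= status < 300,         # request was accepted rather than rejected
            "mutating": m.group("method") in MUTATING,
        })
    return findings


def summarize(findings):
    """Which sources reached the route, how many served requests changed state, how many were rejected."""
    served = [f for f in findings if f["served"]]
    return {
        "served_by_ip": dict(Counter(f["ip"] for f in served)),
        "mutating_served": sum(1 for f in served if f["mutating"]),
        "rejected": sum(1 for f in findings if not f["served"]),
    }


# Constructed sample log; the addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
203.0.113.7 - - [08/Jun/2026:10:01:12 +0000] "GET /api/v1/openai-assistants-vector-store HTTP/1.1" 200 512 "-" "curl/8.5.0"
203.0.113.7 - - [08/Jun/2026:10:01:15 +0000] "POST /api/v1/openai-assistants-vector-store HTTP/1.1" 200 88 "-" "curl/8.5.0"
198.51.100.4 - - [08/Jun/2026:10:02:01 +0000] "GET /api/v1/other-endpoint HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [08/Jun/2026:10:03:44 +0000] "DELETE /api/v1/openai-assistants-vector-store/vs_example HTTP/1.1" 200 2 "-" "curl/8.5.0"
198.51.100.9 - - [08/Jun/2026:10:04:10 +0000] "GET /api/v1/openai-assistants-vector-store?page=2 HTTP/1.1" 401 40 "-" "python-requests/2.32"
"""

if __name__ == "__main__":
    for v in ("3.1.1", "3.1.2"):
        print(v, "affected" if is_affected(v) else "not affected")
    print(summarize(triage_access_log(SAMPLE_LOG.splitlines())))
```

Run against a real proxy log, the summary points at the source addresses whose served mutating requests (POST, PUT, PATCH, DELETE) on the route need review; requests rejected with 401 are counted separately so that a key that was actually refused is not confused with one that was accepted without a permission check.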

Compliance Impact

The vulnerability allows unauthorized users to manipulate vector stores, upload malicious files, delete data, or exfiltrate stored documents due to missing permission checks in critical CRUD operations.

Such unauthorized access and potential data exfiltration can lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls on data confidentiality, integrity, and access permissions.

Therefore, this vulnerability poses a significant risk to compliance with these common standards by exposing sensitive data to unauthorized parties.
