CVE-2026-46475
Status: Received - Intake
Assistant Create and Update Mass-Assignment in Flowise Enables Cross-Workspace Assistant Takeover

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: GitHub, Inc.

Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2.
Meta Information
Generated: 2026-06-09
AI Q&A generated: 2026-06-08
EPSS Evaluated: N/A
Affected Vendors & Products (2 associated CPEs)

Vendor      Product   Version / Range
flowiseai   flowise   all versions prior to 3.1.2 (3.1.2 excluded)
flowiseai   flowise   3.1.2 (patched version)
CWE
CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes): The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
Compliance Impact

The vulnerability allows cross-workspace assistant takeover, violating workspace isolation and exposing sensitive data such as large language model configurations, system prompts, and tool credentials to unauthorized users. This unauthorized data exposure can lead to breaches of confidentiality and integrity.

Such exposure of sensitive information may impact compliance with common standards and regulations like GDPR and HIPAA, which require strict controls on data access and protection of personal and sensitive data.

Executive Summary

CVE-2026-46475 is a high-severity vulnerability in FlowiseAI/Flowise versions 3.1.1 and earlier that allows cross-workspace assistant takeover through mass-assignment.

The issue arises because the Assistant controller uses Object.assign() to copy every property of the request body onto the Assistant entity, without restricting which fields a client is allowed to set.

An attacker with edit permissions in one workspace can therefore supply server-owned fields such as workspaceId and id in an assistant create or update request, effectively moving an assistant from one workspace to another.

As a result, the attacker gains unauthorized access to assistants, and to the sensitive data they hold, in workspaces the attacker is not a member of.

Impact Analysis

This vulnerability can lead to unauthorized access to, and control over, assistants across different workspaces.

An attacker who has edit permissions in one workspace can exploit this flaw to take over assistants in other workspaces by changing their workspaceId.

This breaks workspace isolation and exposes sensitive information such as large language model configurations, system prompts, and tool credentials to unauthorized users.

Confidentiality, integrity, and availability of the affected assistants are all at stake: their configuration can be read, overwritten, and removed from the legitimate workspace's control.

Detection Guidance

This vulnerability can be detected by monitoring API requests that create or update assistant entities, specifically looking for request bodies that set fields such as `workspaceId` and `id`, which only the server should ever assign.

Since the issue is mass-assignment via `Object.assign()` copying every property of the request body, detection comes down to inspecting API logs for client-supplied values in these server-owned fields, and in particular for a body `workspaceId` that differs from the workspace the caller is acting in.

Suggested commands or methods include:

  • Review API request logs for POST (create) and PUT or PATCH (update) requests to the assistant endpoints whose bodies include `workspaceId`, `id`, `createdDate`, or `updatedDate`.
  • Use network monitoring tools (e.g., tcpdump, Wireshark) to capture and analyze traffic for suspicious API calls modifying assistant data; note that this only works where the traffic is visible in plaintext, i.e. at or behind the TLS terminator (reverse proxy or ingress).
  • If you have access to the server logs, grep for requests containing `workspaceId` in the body, for example: `grep -i 'workspaceId' /path/to/api/logs`, then compare the value against the requesting user's workspace.
  • Audit user activity logs to identify authenticated users with edit permissions performing assistant creates or updates, especially in workspaces they were recently added to.
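The log-review steps above, carried out in code, as an added example that is not part of the advisory or of the Flowise project. It assumes a structured (NDJSON) access log that records the HTTP method, path, requesting user, the workspace the caller is acting in, and the parsed JSON body; the route prefix `/api/v1/assistants`, the log schema and the sample lines are all constructed for illustration. The detection flags any assistant create/update whose body carries a server-owned field, and marks the cross-workspace case separately because that is the takeover signature rather than mere sloppiness on the client's part.

```typescript
// Added example, not Flowise code. Scans constructed NDJSON access-log lines for
// assistant create/update requests that try to set server-owned fields.

interface AccessLogEntry {
  ts: string;
  method: string;
  path: string;
  user: string;
  workspaceId: string;               // workspace the caller is acting in (assumed log field)
  body?: Record<string, unknown>;    // parsed request body, if any (assumed log field)
}

export interface Finding {
  ts: string;
  user: string;
  path: string;
  fields: string[];                  // server-owned fields the client tried to set
  crossWorkspace: boolean;           // body workspaceId differs from the caller's workspace
}

// Fields that only the server should ever assign on an Assistant entity (from the advisory).
export const SERVER_OWNED_FIELDS: string[] = ["id", "workspaceId", "createdDate", "updatedDate"];

// Assumed route shape: POST /api/v1/assistants (create), PUT|PATCH /api/v1/assistants/:id (update).
const ASSISTANT_PATH = /^\/api\/v1\/assistants(\/[^/]+)?$/;
const WRITE_METHODS: string[] = ["POST", "PUT", "PATCH"];

function parseLine(line: string): AccessLogEntry | null {
  try {
    return JSON.parse(line) as AccessLogEntry;
  } catch {
    return null;                     // malformed line: skip rather than abort the scan
  }
}

export function isAssistantWrite(e: AccessLogEntry): boolean {
  return WRITE_METHODS.indexOf(e.method.toUpperCase()) !== -1 && ASSISTANT_PATH.test(e.path);
}

export function scanLogs(ndjson: string): Finding[] {
  const findings: Finding[] = [];
  for (const line of ndjson.split("\n")) {
    if (!line.trim()) continue;
    const e = parseLine(line);
    if (!e || !isAssistantWrite(e) || !e.body) continue;
    const body = e.body;
    const fields = SERVER_OWNED_FIELDS.filter((f) => f in body);
    if (fields.length === 0) continue;   // benign update: only client-writable fields present
    const bodyWs = body["workspaceId"];
    findings.push({
      ts: e.ts,
      user: e.user,
      path: e.path,
      fields,
      crossWorkspace: typeof bodyWs === "string" && bodyWs !== e.workspaceId,
    });
  }
  return findings;
}

// Constructed sample log (not real Flowise output): one benign update, one
// cross-workspace move, one create that pins its own id, one read.
export const SAMPLE_LOG = [
  '{"ts":"2026-06-08T10:00:01Z","method":"PUT","path":"/api/v1/assistants/a1","user":"alice","workspaceId":"ws-A","body":{"details":{"name":"Helper"}}}',
  '{"ts":"2026-06-08T10:00:05Z","method":"PUT","path":"/api/v1/assistants/a1","user":"mallory","workspaceId":"ws-A","body":{"details":{"name":"Helper"},"workspaceId":"ws-B"}}',
  '{"ts":"2026-06-08T10:00:09Z","method":"POST","path":"/api/v1/assistants","user":"mallory","workspaceId":"ws-A","body":{"id":"victim-assistant","details":{}}}',
  '{"ts":"2026-06-08T10:00:12Z","method":"GET","path":"/api/v1/assistants/a1","user":"bob","workspaceId":"ws-B"}',
].join("\n");

for (const f of scanLogs(SAMPLE_LOG)) {
  console.log(`${f.ts} ${f.user} ${f.path} sets ${f.fields.join(",")}` + (f.crossWorkspace ? " [CROSS-WORKSPACE]" : ""));
}
```

On the sample above the scan reports two events, both by `mallory`: the PUT that sets `workspaceId` to a workspace the caller is not acting in (flagged cross-workspace) and the POST that supplies its own `id`. The benign update by `alice` and the GET produce nothing. Against a real log, adapt `parseLine` and the field names to the proxy or application log format actually in use.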
Mitigation Strategies

The immediate mitigation step is to upgrade Flowise to version 3.1.2 or later, where this vulnerability has been patched.

The patch replaces the insecure mass-assignment pattern with an explicit allowlist that rejects client-controlled fields such as `workspaceId`, `id`, `createdDate`, and `updatedDate`.

Until the upgrade can be applied, restrict assistant edit permissions to trusted users only, as exploitation requires an authenticated user with edit rights. Note that edit rights in any workspace on the instance are sufficient, so on a multi-tenant deployment this review must cover every workspace, not only the ones holding sensitive assistants.

Additionally, monitor and audit assistant update requests for suspicious changes to critical fields to detect potential exploitation attempts.
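The two patterns the mitigation paragraph contrasts, side by side, as an added example that is not Flowise's code and does not reproduce the project's patch: the vulnerable shape copies every key of the request body onto the entity with `Object.assign()`, the hardened shape rejects any server-owned key outright and then copies only an explicit allowlist. The Assistant field names (`details`, `credential`, `iconSrc`, `type`) and the sample records are assumptions made for illustration; the server-owned list is the one the advisory names.

```typescript
// Added example, not Flowise code. Vulnerable mass-assignment next to an allowlisted update.

type Assistant = {
  id: string;
  workspaceId: string;
  details: string;        // assumed: JSON string describing the assistant
  credential?: string;    // assumed field name
  iconSrc?: string;       // assumed field name
  type?: string;          // assumed field name
  createdDate: string;
  updatedDate: string;
};

type Body = Record<string, unknown>;

// Fields a client may set. Everything else on the entity is server-owned.
export const ASSISTANT_WRITABLE = ["details", "credential", "iconSrc", "type"] as const;
// Fields the advisory says the patch rejects when they arrive from the client.
export const ASSISTANT_SERVER_OWNED = ["id", "workspaceId", "createdDate", "updatedDate"] as const;

export class ForbiddenFieldError extends Error {
  readonly fields: string[];
  constructor(fields: string[]) {
    super(`request sets server-owned field(s): ${fields.join(", ")}`);
    Object.setPrototypeOf(this, ForbiddenFieldError.prototype); // keep instanceof working on ES5 targets
    this.name = "ForbiddenFieldError";
    this.fields = fields;
  }
}

// Vulnerable shape (the pre-3.1.2 pattern the advisory describes): every key in the
// body lands on the entity, so workspaceId and id are client-controlled.
export function updateAssistantVulnerable(existing: Assistant, body: Body): Assistant {
  const updated: Assistant = { ...existing };
  Object.assign(updated, body);
  return updated;
}

// Hardened shape: fail closed on any server-owned key, then copy only the allowlist.
// updatedDate is set by the server, never taken from the request.
export function updateAssistantHardened(existing: Assistant, body: Body, now: string): Assistant {
  const forbidden = ASSISTANT_SERVER_OWNED.filter((k) => k in body);
  if (forbidden.length > 0) throw new ForbiddenFieldError(forbidden);
  const updated: Record<string, unknown> = { ...existing, updatedDate: now };
  for (const key of ASSISTANT_WRITABLE) {
    if (key in body) updated[key] = body[key];
  }
  return updated as Assistant;
}

// Constructed sample: an assistant in ws-A and a request that tries to move it to ws-B
// while also pinning a new id.
export const SAMPLE_ASSISTANT: Assistant = {
  id: "asst-1",
  workspaceId: "ws-A",
  details: '{"name":"Helper"}',
  createdDate: "2026-06-01T00:00:00Z",
  updatedDate: "2026-06-01T00:00:00Z",
};
export const HOSTILE_BODY: Body = { details: '{"name":"Pwned"}', workspaceId: "ws-B", id: "asst-99" };

console.log("vulnerable:", updateAssistantVulnerable(SAMPLE_ASSISTANT, HOSTILE_BODY).workspaceId); // ws-B
try {
  updateAssistantHardened(SAMPLE_ASSISTANT, HOSTILE_BODY, "2026-06-08T00:00:00Z");
} catch (e) {
  console.log("hardened:", (e as Error).message);
}
```

Rejecting rather than silently dropping the forbidden keys is the better choice here: a dropped key hides a probing client, while a 4xx with the field name gives the detection guidance above something to alert on. The same allowlist should be applied on the create path, since the advisory covers both create and update.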
