CVE-2026-46477
Status: Received - Intake
Cross-Workspace Dataset Takeover in Flowise

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: GitHub, Inc.

Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2.
Meta Information
Generated: 2026-06-09
AI Q&A: 2026-06-08
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor      Product   Version / Range
flowiseai   flowise   up to 3.1.2 (3.1.2 excluded)
flowiseai   flowise   3.1.2
CWE-915: The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-46477 is a high-severity vulnerability in Flowise, a drag & drop interface for building customized large language model flows. The issue exists in versions 3.1.1 and earlier, where the Dataset create and update functions use a mass-assignment method that copies client-controlled fields such as workspaceId and id directly into the Dataset entity without proper validation.

This flaw allows an authenticated user with edit permissions to overwrite workspace ownership by changing the workspaceId field, enabling cross-workspace dataset takeover. Essentially, an attacker in one workspace can transfer ownership of a dataset to another workspace, gaining unauthorized access to sensitive data.

The root cause is the use of Object.assign() in the code, which merges the request body into a new Dataset object without an allowlist to block sensitive fields. This vulnerability was patched in version 3.1.2 by replacing Object.assign() with an explicit allowlist that prevents client input from modifying fields like workspaceId and id.

Impact Analysis

This vulnerability can have serious impacts on confidentiality, integrity, and availability of your data within Flowise.

  • An attacker with authenticated access and edit permissions can take over datasets across different workspaces by changing ownership.
  • This unauthorized access exposes sensitive training and evaluation data to users who should not have access.
  • It compromises data integrity by allowing unauthorized modification of datasets.
  • The attack requires low complexity and minimal privileges, making it easier to exploit.
Detection Guidance

This vulnerability involves unauthorized modification of sensitive fields like workspaceId and id in Dataset create and update API requests. Detection involves monitoring API requests for suspicious changes to these fields.

You can detect potential exploitation by inspecting API traffic or logs for Dataset create or update requests that include client-controlled fields such as workspaceId or id being set or changed.

Suggested commands or methods include:

  • Use network traffic capture tools (e.g., tcpdump, Wireshark) to filter HTTP requests to the Dataset API endpoints and look for payloads containing workspaceId or id fields.
  • Query application logs or audit logs for Dataset update or create operations where workspaceId or id fields are modified by users.
  • Example command to capture HTTP POST/PUT requests to Dataset endpoints (adjust interface and ports accordingly): tcpdump -i eth0 -A -s 0 'tcp port 80 or tcp port 443' | grep -E '"(workspaceId|id)"'. Note that traffic on port 443 is TLS-encrypted, so request bodies will not be readable in a raw capture; capture on the plaintext side of a TLS-terminating proxy or use the application's own request logs instead. Matching the quoted JSON key rather than a bare id avoids flagging every payload that happens to contain those two letters.
  • Use API testing tools (e.g., curl, Postman) to attempt Dataset update requests with workspaceId or id fields to verify if the system improperly accepts these fields.
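The log-based detection described above, as an added TypeScript sketch that is not part of this advisory or of Flowise; the request-log line format, the endpoint path pattern and the sample lines are constructed assumptions to be adapted to the deployment's real access logs:

```typescript
// Added detection sketch (not Flowise code): scan request-log lines for
// Dataset create/update calls whose JSON body carries fields the server should
// own. The log line format and the endpoint path pattern are constructed
// assumptions; adapt both to the deployment's real access logs.
interface LogEntry {
  method: string;
  path: string;
  user: string;
  body: Record<string, unknown>;
}
// Fields the advisory names as blocked by the 3.1.2 allowlist.
const SENSITIVE_FIELDS = ['workspaceId', 'id', 'createdDate', 'updatedDate'];
const WRITE_METHODS = new Set(['POST', 'PUT', 'PATCH']);
const DATASET_PATH = /\/datasets?(\/[^/?]+)?$/i; // assumed path shape

// Constructed line format: "<METHOD> <PATH> user=<id> body=<json>"
function parseLine(line: string): LogEntry | null {
  const m = /^(\w+)\s+(\S+)\s+user=(\S+)\s+body=(.*)$/.exec(line);
  if (!m) return null;
  try {
    const body = JSON.parse(m[4]);
    if (typeof body !== 'object' || body === null) return null;
    return { method: m[1].toUpperCase(), path: m[2], user: m[3], body };
  } catch {
    return null;
  }
}

interface Finding { user: string; path: string; fields: string[] }

// One finding per write request to a Dataset endpoint whose body sets any
// sensitive field; bodies without them are treated as normal traffic.
function flagSuspicious(lines: string[]): Finding[] {
  const findings: Finding[] = [];
  for (const line of lines) {
    const e = parseLine(line);
    if (!e || !WRITE_METHODS.has(e.method) || !DATASET_PATH.test(e.path)) continue;
    const fields = SENSITIVE_FIELDS.filter((f) => f in e.body);
    if (fields.length > 0) findings.push({ user: e.user, path: e.path, fields });
  }
  return findings;
}

// Constructed sample log for a stand-alone run.
const SAMPLE_LOG = [
  'PUT /api/v1/datasets/ds-1 user=u-7 body={"name":"eval set v2"}',
  'PUT /api/v1/datasets/ds-1 user=u-9 body={"name":"x","workspaceId":"ws-other"}',
  'GET /api/v1/datasets/ds-1 user=u-9 body={}',
];
console.log(flagSuspicious(SAMPLE_LOG));
```

On a patched instance these requests are harmless, so a finding is a signal to review rather than proof of compromise; on an unpatched instance it is the exact request shape the advisory describes.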
Mitigation Strategies

The primary mitigation is to upgrade Flowise to version 3.1.2 or later, where the vulnerability has been patched.

The patch replaces the insecure use of Object.assign() with an explicit allowlist pattern that blocks client-controlled fields such as workspaceId, id, createdDate, and updatedDate from being accepted in Dataset create or update requests.

Until the upgrade can be applied, restrict Dataset update and create permissions to trusted users only, and monitor API requests for suspicious modifications to workspaceId or id fields.

Additionally, review and tighten access controls and audit logs to detect and prevent unauthorized workspace dataset takeovers.
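To make the root cause from the executive summary and the allowlist fix from the mitigation section concrete, here is an added TypeScript illustration that is not Flowise's own code. Only the field names workspaceId, id, createdDate and updatedDate come from the advisory; the name and description fields, the Caller shape and the function names are assumptions.

```typescript
// Added illustration (not Flowise's code) of the mass-assignment defect and
// the allowlist fix described above. Only workspaceId, id, createdDate and
// updatedDate come from the advisory; name, description and Caller are assumed.
interface Dataset {
  id: string;
  workspaceId: string;
  name: string;
  description: string;
  createdDate: Date;
  updatedDate: Date;
}
interface Caller { userId: string; workspaceId: string }

// Vulnerable shape: the whole request body is merged into the entity, so a
// body that carries workspaceId or id silently overrides the server's values.
function updateDatasetVulnerable(existing: Dataset, body: Record<string, unknown>): Dataset {
  return Object.assign({}, existing, body, { updatedDate: new Date() }) as Dataset;
}

// Hardened shape: copy only allowlisted fields, and check that the dataset
// belongs to the caller's workspace before touching it at all.
const CLIENT_WRITABLE = ['name', 'description'] as const;

function updateDatasetSafe(existing: Dataset, body: Record<string, unknown>, caller: Caller): Dataset {
  if (existing.workspaceId !== caller.workspaceId) {
    throw new Error("dataset is not in the caller's workspace");
  }
  const updated: Dataset = { ...existing, updatedDate: new Date() };
  for (const key of CLIENT_WRITABLE) {
    const value = body[key];
    if (typeof value === 'string') updated[key] = value;
  }
  return updated;
}

// Names the body fields the allowlist discarded; logging these surfaces
// attempts to set ownership fields, which is the signal the detection
// guidance above looks for.
function rejectedFields(body: Record<string, unknown>): string[] {
  const allowed: readonly string[] = CLIENT_WRITABLE;
  return Object.keys(body).filter((k) => !allowed.includes(k));
}
```

The same allowlist applies to the create path: the server assigns id, workspaceId and the timestamps itself and never reads them from the request.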

Compliance Impact

This vulnerability allows an authenticated user to take over datasets across different workspaces by modifying sensitive fields such as workspace ownership. This unauthorized access can lead to exposure of sensitive training and evaluation data to users who should not have access.

Such unauthorized data exposure and modification can violate data protection principles required by common standards and regulations like GDPR and HIPAA, which mandate strict controls on data confidentiality, integrity, and access authorization.

Therefore, exploitation of this vulnerability could result in non-compliance with these regulations due to improper access controls and potential data breaches.
