CVE-2026-46480
Status: Received - Intake
Flowise Evaluator Mass Assignment Vulnerability

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: GitHub, Inc.

Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2.
Meta Information
Generated: 2026-06-09
AI Q&A: 2026-06-08
EPSS Evaluated: N/A
References: NVD, EUVD
Affected Vendors & Products (2 associated CPEs)
Vendor      Product   Version / Range
flowiseai   flowise   up to 3.1.2 (exclusive)
flowiseai   flowise   3.1.2
CWE
CWE-915: The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
AI Quick Actions
Compliance Impact

The vulnerability allows cross-workspace data takeover and Insecure Direct Object Reference (IDOR) attacks, which can lead to unauthorized access to sensitive data across different workspaces.

Such unauthorized data access and potential data breaches can negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls on data confidentiality and integrity.

Because the vulnerability enables attackers with low privileges to access or modify data in other workspaces without proper authorization, it undermines the security controls necessary to meet these regulatory requirements.

Executive Summary

CVE-2026-46480 is a high-severity vulnerability in FlowiseAI/Flowise versions 3.1.1 and earlier involving a mass-assignment flaw in the Evaluator entity.

The vulnerability occurs because the `Object.assign()` method copies client-controlled fields such as `workspaceId` and `id` from the request body into the Evaluator entity without proper validation or an allowlist.

This allows an authenticated user to bypass workspace isolation by setting `workspaceId` to another workspace's UUID during an update operation, effectively moving the evaluator into a workspace the caller should not control.

As a result, attackers can perform cross-workspace data takeover and Insecure Direct Object Reference (IDOR) attacks.

The root cause is the lack of an explicit allowlist preventing sensitive fields from being overwritten by client input.

Impact Analysis

This vulnerability can have serious impacts on confidentiality, integrity, and availability of data within Flowise.

An attacker who is an authenticated workspace member can exploit this flaw to take over evaluators in other workspaces by changing the `workspaceId` field.

This leads to unauthorized access to data and resources across workspace boundaries, breaking isolation and potentially exposing sensitive information.

Because exploitation requires only low privileges and no user interaction, any authenticated workspace member can trigger it.

Detection Guidance

This vulnerability involves the mass assignment of sensitive fields like `workspaceId` and `id` in the Evaluator entity via the `Object.assign()` method without proper validation. Detection involves monitoring or inspecting API requests that update evaluators to see whether the `workspaceId` field is being manipulated.

You can detect potential exploitation by capturing and analyzing HTTP requests to the Flowise API endpoints responsible for evaluator updates, looking for requests where the `workspaceId` field is included or altered.

Suggested commands or methods include using network traffic capture tools like tcpdump or Wireshark to filter HTTP requests to the Flowise server, or using command-line tools like curl or httpie to manually test updating evaluators with and without the `workspaceId` field.

  • Use tcpdump to capture HTTP traffic on port 80 or 443: `tcpdump -i any -A 'tcp port 80 or tcp port 443'` (note that traffic on port 443 is TLS-encrypted, so request bodies are only readable on plaintext port 80 or at a point after TLS termination, such as a reverse proxy's access log).
  • Use curl to test updating an evaluator and check if `workspaceId` can be changed: `curl -X PATCH https://your-flowise-instance/api/evaluators/{evaluator_id} -H 'Authorization: Bearer <token>' -H 'Content-Type: application/json' -d '{"workspaceId": "<other-workspace-uuid>"}'`
  • Review server logs for suspicious update requests containing `workspaceId` changes.
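The log-review bullet above can be automated. The following is an added example, not Flowise's own code or tooling: it scans JSON-lines API access logs for PATCH/PUT requests to the evaluator update endpoint whose body carries the server-owned fields `workspaceId` or `id`, and returns one finding per hit. The log record layout, the `/api/evaluators/{id}` path (taken from the curl command above; the real route may differ) and the sample log lines are all constructed for illustration.

```javascript
// Added example (not Flowise code): flag evaluator update requests whose body
// tries to set server-owned fields. Log format and sample lines are constructed.

const EVALUATOR_UPDATE_PATH = /^\/api\/evaluators\/[^/]+$/; // assumption: path from the curl example
const SERVER_OWNED_FIELDS = ['workspaceId', 'id'];           // fields a client must never set
const UPDATE_METHODS = new Set(['PATCH', 'PUT']);

// Constructed sample of a JSON-lines access log that records the parsed body.
const SAMPLE_LOG_LINES = [
  '{"ts":"2026-06-08T10:00:01Z","user":"alice","method":"PATCH","path":"/api/evaluators/3f2a","body":{"name":"renamed"}}',
  '{"ts":"2026-06-08T10:00:05Z","user":"bob","method":"PATCH","path":"/api/evaluators/3f2a","body":{"workspaceId":"0b7c-other-ws"}}',
  '{"ts":"2026-06-08T10:00:09Z","user":"bob","method":"GET","path":"/api/evaluators/3f2a"}',
  '{"ts":"2026-06-08T10:00:12Z","user":"carol","method":"PUT","path":"/api/evaluators/9e1d","body":{"id":"3f2a","name":"x"}}',
  'not json at all',
];

// Tolerate malformed lines: a corrupt record must not abort the whole scan.
function parseLine(line) {
  try {
    return JSON.parse(line);
  } catch (e) {
    return null;
  }
}

// Returns [{ts, user, path, fields}] for every update request that carries
// a server-owned field in its body.
function findSuspiciousEvaluatorUpdates(lines) {
  const findings = [];
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec || !UPDATE_METHODS.has(rec.method)) continue;
    if (!EVALUATOR_UPDATE_PATH.test(rec.path || '')) continue;
    const body = rec.body && typeof rec.body === 'object' ? rec.body : {};
    const fields = SERVER_OWNED_FIELDS.filter((f) =>
      Object.prototype.hasOwnProperty.call(body, f)
    );
    if (fields.length > 0) {
      findings.push({ ts: rec.ts, user: rec.user, path: rec.path, fields });
    }
  }
  return findings;
}

// Stand-alone run: print findings for the constructed sample.
console.log(JSON.stringify(findSuspiciousEvaluatorUpdates(SAMPLE_LOG_LINES), null, 2));
```

Only a log source that records the parsed request body (or the raw body before the application strips it) will expose these fields; a reverse proxy that logs method and path alone can still narrow the search to update requests against the evaluator route.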
Mitigation Strategies

The primary mitigation is to upgrade Flowise to version 3.1.2 or later, where this vulnerability has been patched.

If immediate upgrade is not possible, restrict access to the evaluator update API endpoints to trusted users only, and monitor for suspicious activity involving workspaceId changes.

Implement additional validation or filtering on the server side to prevent client-controlled fields like workspaceId and id from being overwritten during evaluator updates.
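The Executive Summary names the root cause (an `Object.assign()` of the client body onto the entity with no allowlist), and the mitigation above asks for server-side filtering of `workspaceId` and `id`. The following added example, which is not Flowise's own code, shows the two side by side: a vulnerable update that copies every client field, and a hardened update that copies only an allowlist, pins the server-owned identifiers from the stored record, and checks that the stored record belongs to the caller's workspace before touching it. The entity shape, the writable field names and the session object are assumptions for illustration.

```javascript
// Added example (not Flowise code): mass assignment versus allowlisted update.
// Entity fields, the writable-field list and the session shape are assumptions.

// Assumed set of fields a client is allowed to change on an evaluator.
const EVALUATOR_WRITABLE_FIELDS = ['name', 'type', 'config'];
// Fields owned by the server; they must come from the stored record, never the body.
const SERVER_OWNED_FIELDS = ['id', 'workspaceId'];

// Vulnerable pattern (CWE-915): every key in the request body lands on the entity,
// so a body containing `workspaceId` or `id` re-homes the evaluator.
function updateEvaluatorVulnerable(existing, body) {
  const entity = { ...existing };
  Object.assign(entity, body);
  return entity;
}

// Lists body keys outside the allowlist; a strict API can reject the request
// (HTTP 400) when this is non-empty instead of silently dropping them.
function unexpectedFields(body) {
  return Object.keys(body).filter((k) => !EVALUATOR_WRITABLE_FIELDS.includes(k));
}

// Hardened pattern: authorize against the stored record's workspace, copy only
// allowlisted keys, then re-pin server-owned identifiers as defence in depth.
function updateEvaluatorHardened(existing, body, session) {
  if (existing.workspaceId !== session.workspaceId) {
    throw new Error('evaluator does not belong to the caller workspace');
  }
  const entity = { ...existing };
  for (const key of EVALUATOR_WRITABLE_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(body, key)) {
      entity[key] = body[key];
    }
  }
  for (const key of SERVER_OWNED_FIELDS) {
    entity[key] = existing[key];
  }
  return entity;
}

// Stand-alone demonstration on a constructed record and request body.
const storedEvaluator = { id: 'eval-1', workspaceId: 'ws-A', name: 'old', type: 'llm', config: {} };
const clientBody = { name: 'new', workspaceId: 'ws-B', id: 'eval-999' };
console.log('vulnerable:', updateEvaluatorVulnerable(storedEvaluator, clientBody));
console.log('hardened:  ', updateEvaluatorHardened(storedEvaluator, clientBody, { workspaceId: 'ws-A' }));
console.log('rejected keys:', unexpectedFields(clientBody));
```

The workspace check on the stored record is the part that actually closes the IDOR: an allowlist alone stops the body from relocating the evaluator, but a caller must also be prevented from updating an evaluator they could only name by guessing its id.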
