CVE Catalog

CVE-2026-46479

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.27%

18th percentile - higher than 18% of all known CVEs

Summary

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover.

Risk Assessment

Organizations may be exposed to unauthorized access to evaluations across different workspaces, potentially leading to data leaks or manipulation of results.

Recommendation

It is recommended to upgrade to version 3.1.2 or later to patch this vulnerability and secure the system against potential attacks.

Original NVD description (English source)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeover. This issue has been patched in version 3.1.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS