CVE Catalog

CVE-2026-46480

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.05%

17th percentile - higher than 17% of all known CVEs

Summary

Flowise, a user interface for building customized large language model flows, had a vulnerability prior to version 3.1.2 that allowed cross-workspace evaluator takeover through mass-assignment. This issue has been patched in version 3.1.2.

Risk Assessment

This vulnerability could lead to unauthorized access to data and functions across different workspaces, posing a serious security threat to the organization.

Recommendation

It is recommended to upgrade to version 3.1.2 or later to secure the system against these attacks.

Original NVD description (English source)

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS