CVE-2026-42861: Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource. Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign variables to arbitrary workspaces. This behavior may break tenant isolation in multi-workspace environments. This issue has been patched in version 3.1.2.
Metrics
- CVSS v4.0: 7.6
- Severity: HIGH
- Fixed in: —
- Affected Products: 1
HarborGuard Analysis
Synopsis
A mass assignment vulnerability exists in the variable update endpoint of Flowise, the drag-and-drop LLM flow builder by FlowiseAI. The endpoint is reachable over the network and requires only a low-privilege authenticated account, with no victim interaction needed; an attacker exploits it by sending crafted update requests that include server-controlled fields such as workspaceId, createdDate, and updatedDate. Successful exploitation lets the attacker reassign variables to arbitrary workspaces, breaking tenant isolation in multi-workspace deployments. A fix was shipped in Flowise 3.1.2, and a patched-image rebuild at that version is available on HarborGuard for environments running an affected version.
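As an added illustration (not Flowise's own code and not the upstream fix), the following TypeScript models a generic variable-update handler: the unsafe version merges the parsed request body into the stored entity, so a body carrying workspaceId or createdDate overwrites the server's values, while the hardened version checks workspace ownership, copies only an allowlist of client-editable fields, and sets updatedDate server-side. The entity shape, the field names beyond those named in the advisory, and the sample data are assumptions.

```typescript
// Added illustrative example (not Flowise's own code): a generic "update variable"
// handler vulnerable to mass assignment, beside an allowlist + ownership check fix.
interface Variable {
  id: string; name: string; value: string; type: string;
  workspaceId: string; // server-controlled: the tenant boundary
  createdDate: string; // server-controlled
  updatedDate: string; // server-controlled
}

// Only these fields may be changed by a client; everything else is server-owned.
type ClientField = "name" | "value" | "type";
const UPDATABLE_FIELDS: readonly ClientField[] = ["name", "value", "type"];

// Vulnerable pattern: the parsed JSON body is merged wholesale into the stored
// entity, so any column named in the request (workspaceId, createdDate, ...)
// silently overwrites the server's value.
function updateVariableUnsafe(existing: Variable, body: Record<string, unknown>): Variable {
  return { ...existing, ...body } as unknown as Variable;
}

// Hardened pattern: the caller must own the variable's workspace, only allowlisted
// fields are copied, and updatedDate is set server-side. Unlisted keys are dropped
// (rejecting them with HTTP 400 is a stricter alternative that also gives a log signal).
function updateVariableSafe(
  existing: Variable,
  body: Record<string, unknown>,
  callerWorkspaceId: string,
  now: () => string = () => new Date().toISOString(),
): Variable {
  if (existing.workspaceId !== callerWorkspaceId) {
    throw new Error("forbidden: variable belongs to another workspace");
  }
  const patch: Partial<Pick<Variable, ClientField>> = {};
  for (const key of UPDATABLE_FIELDS) {
    if (!(key in body)) continue;
    const val = body[key];
    if (typeof val !== "string") throw new Error(`invalid type for field ${key}`);
    patch[key] = val;
  }
  return { ...existing, ...patch, updatedDate: now() };
}

// Constructed sample: a variable owned by workspace "ws-A" and a request that
// changes its value while also trying to move it to "ws-B" and backdate it.
const sampleVariable: Variable = {
  id: "var-1", name: "API_KEY", value: "old", type: "static",
  workspaceId: "ws-A", createdDate: "2025-01-01T00:00:00.000Z", updatedDate: "2025-01-01T00:00:00.000Z",
};
const craftedBody: Record<string, unknown> = { value: "new", workspaceId: "ws-B", createdDate: "2000-01-01T00:00:00.000Z" };
```

Running both functions on the same crafted body shows the difference directly: the unsafe merge returns an entity now owned by "ws-B" with a rewritten createdDate, while the hardened path keeps ownership and creation time intact and applies only the value change.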
HarborGuard Coverage
Detection of CVE-2026-42861 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built Flowise images. Any image running a Flowise version below 3.1.2 is flagged in both registry scans and CI/CD pipeline checks.
Status: Available
HarborGuard scores this CVE at 7.6 HIGH using the published CVSS v4.0 vector and applies per-environment compliance policy weighting to prioritize it appropriately within each customer org. Triage findings are routed to the team or inbox configured in the customer's notification rules, surfacing the affected image tags and the specific version boundary.
Status: Available
A patched-image rebuild at Flowise 3.1.2 is available on HarborGuard for any environment where an affected image is detected. For customers who opt into auto-remediation, HarborGuard performs the rebuild, runs a regression test suite against the new image, and opens a pull request against affected workloads automatically.
Status: Pending upstream
Exploit Conditions
- Network reachability: Required
The vulnerable endpoint is exposed over the network, so the attacker must be able to reach the Flowise service via HTTP/HTTPS.
- Authentication: Required
Any low-privilege authenticated account is sufficient; no elevated or administrative role is needed to send the crafted update request.
- Victim interaction: Not required
The attacker acts entirely on their own by sending a crafted API request; no user needs to click a link or take any other action.
- Attack complexity: High
Attack complexity is rated High, meaning the attacker may need to account for environmental factors or specific conditions, such as knowing a target workspaceId, though no race condition is explicitly required.
Blast Radius
- Reads variable values stored in the target workspace, which may include API keys, credentials, or other sensitive configuration data injected into LLM flows.
- Reassigns variables from one tenant workspace to another, directly corrupting the resource ownership model and breaking tenant isolation.
- Tampers with server-controlled metadata fields (workspaceId, createdDate, updatedDate), undermining audit trails and access control assumptions that downstream logic depends on.
How HarborGuard Handles This
Available on HarborGuard: images running Flowise below 3.1.2 are matched against this CVE within minutes of ingest, and a patched-image rebuild at 3.1.2 is available immediately. For customers who opt into auto-remediation, HarborGuard rebuilds the image at the fixed version, runs a regression test suite, and opens a PR against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes in environments with auto-remediation enabled. Because no server-side fix exists below 3.1.2 and the vulnerability requires only a valid low-privilege account, compensating controls worth considering in the interim include network-policy rules that restrict which internal principals can reach the Flowise API, and egress filtering that limits lateral movement if a workspace is compromised. HarborGuard continues re-checking the advisory each ingest cycle and will surface any supplementary patches or backports the upstream project publishes.
- FlowiseAI / Flowise: < 3.1.2
CVSS vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N