CVE-2026-42862 | Severity: HIGH | CNA: GitHub_M

CVE-2026-42862: Flowise: Mass Assignment in Tool Update Endpoint Allows Cross-Workspace Resource Reassignment

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a tool resource. Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign tools to arbitrary workspaces. This breaks tenant isolation in multi-workspace environments. This issue has been patched in version 3.1.2.

Metrics

CVSS v4.0 score: 7.6
Severity: HIGH
Fixed in: 3.1.2 (per the upstream advisory; not yet confirmed in package repositories, see Patch below)
Affected products: 1


HarborGuard Analysis

Synopsis

A mass assignment vulnerability in the Flowise tool update endpoint allows an authenticated user to overwrite server-controlled fields, including workspaceId, createdDate and updatedDate, when submitting a tool update request. The attack is reachable over the network with a low-privilege account and needs no victim interaction; the CVSS v4.0 vector rates attack complexity as high (AC:H), but the upstream advisory does not say which security control the attacker has to circumvent. Successful exploitation breaks tenant isolation in multi-workspace deployments: a tool owned by one workspace can be reassigned to the attacker's workspace, exposing its definition and configuration and allowing its contents to be altered. The advisory names 3.1.2 as the fixed version; HarborGuard will make a patched-image rebuild available once that release is confirmed upstream.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-42862 is available across every HarborGuard environment: the CVE is ingested from upstream advisory feeds within minutes of publication and matched against customer images in connected registries and CI/CD pipelines, including custom-built Flowise images. Any image running a Flowise version below 3.1.2 is flagged automatically.

Triage: Available

HarborGuard scores this CVE at 7.6 HIGH using the CVSS v4.0 vector and surfaces it with per-environment compliance policy weighting applied, so teams with stricter multi-tenancy requirements can have it promoted in priority. Findings are routed to the appropriate team inbox within each customer organization based on image ownership and policy configuration.

Patch: Pending upstream

The upstream advisory names Flowise 3.1.2 as the fixed version, but that release has not yet been confirmed in upstream package repositories. HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available as soon as the 3.1.2 release is verified. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be triggered automatically at that point.

Exploit Conditions

  • Network reachability: Required

    The vulnerable endpoint is exposed over the network, so the attacker must be able to reach the Flowise service via HTTP.

  • Authentication: Required

    Any low-privilege authenticated account is sufficient; no administrative credentials are needed to send a crafted tool update request.

  • Victim interaction: Not required

    The attacker sends the crafted API request directly; no action from another user or administrator is needed.

  • Attack complexity: High

    The CVSS v4.0 vector rates attack complexity as high (AC:H), which in v4.0 means the attacker must take steps to circumvent security-enhancing controls; attack requirements are none (AT:N), so no special deployment or timing condition such as a race is needed. The upstream advisory does not state which control the AC:H rating reflects, so treat the request itself as straightforward to construct once an account in any workspace is held.
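
The following is an added example, not Flowise's own code, that models the flaw described in the advisory and in the exploit conditions above: a tool update handler that merges the request body into the stored record (the mass-assignment pattern) next to a hardened handler that checks workspace ownership first and copies only an allow-list of client-editable fields. Entity and function names, the in-memory store and the sample tool are all hypothetical; the workspaceId, createdDate and updatedDate fields are the ones the advisory names.

```typescript
// Added example, not Flowise code: a minimal in-memory model of a tool update
// endpoint showing the mass-assignment flaw and a hardened version. All names
// (Tool, AuthContext, updateToolVulnerable, updateToolHardened) are hypothetical.

interface Tool {
  id: string;
  name: string;
  description: string;
  workspaceId: string;  // server-controlled: the tenant boundary
  createdDate: string;  // server-controlled
  updatedDate: string;  // server-controlled
}

interface AuthContext {
  userId: string;
  workspaceId: string;  // workspace the authenticated caller is acting in
}

// Constructed sample data: one tool owned by workspace ws-A.
const tools = new Map<string, Tool>();
function seed(): void {
  tools.clear();
  tools.set("tool-1", {
    id: "tool-1",
    name: "lookup-customer",
    description: "calls the CRM",
    workspaceId: "ws-A",
    createdDate: "2026-01-01T00:00:00.000Z",
    updatedDate: "2026-01-01T00:00:00.000Z",
  });
}

// Vulnerable pattern: the JSON body is merged wholesale into the entity, so any
// property the client sends, including workspaceId, overwrites the stored value.
// There is also no check that the tool belongs to the caller's workspace.
function updateToolVulnerable(_caller: AuthContext, id: string, body: Record<string, unknown>): Tool {
  const tool = tools.get(id);
  if (!tool) throw new Error("not found");
  Object.assign(tool, body);
  return tool;
}

// Hardened pattern:
//  1. the record must already belong to the caller's workspace (authorization);
//  2. only an explicit allow-list of client-editable fields is copied;
//  3. server-controlled fields are set by the server, never from the body.
const EDITABLE_FIELDS = ["name", "description"] as const;

function updateToolHardened(caller: AuthContext, id: string, body: Record<string, unknown>, now: Date = new Date()): Tool {
  const tool = tools.get(id);
  // Same error for "missing" and "foreign" so the endpoint does not reveal
  // whether a tool id exists in another tenant's workspace.
  if (!tool || tool.workspaceId !== caller.workspaceId) throw new Error("not found");
  for (const field of EDITABLE_FIELDS) {
    const value = body[field];
    if (typeof value === "string") tool[field] = value;
  }
  tool.updatedDate = now.toISOString();
  return tool;
}

// The scenario from the advisory: a low-privilege user in workspace ws-B updates
// tool-1 (owned by ws-A) and sets workspaceId to their own workspace.
function demo(): { vulnerable: string; hardened: string } {
  const attacker: AuthContext = { userId: "u-mallory", workspaceId: "ws-B" };
  const payload = { name: "lookup-customer", workspaceId: "ws-B", createdDate: "1970-01-01T00:00:00.000Z" };

  seed();
  updateToolVulnerable(attacker, "tool-1", payload);
  const vulnerable = tools.get("tool-1")!.workspaceId;  // "ws-B": the tool has been pulled into ws-B

  seed();
  let hardened: string;
  try {
    updateToolHardened(attacker, "tool-1", payload);
    hardened = tools.get("tool-1")!.workspaceId;
  } catch (err) {
    hardened = `rejected: ${(err as Error).message}; workspaceId still ${tools.get("tool-1")!.workspaceId}`;
  }
  return { vulnerable, hardened };
}

console.log(demo());
```

Run with any TypeScript runner; demo() returns the workspaceId of tool-1 after each handler processes the attacker's request. The hardened handler deliberately returns the same "not found" error for a foreign tool as for a missing one, so the update endpoint cannot be used to enumerate other tenants' tool ids, and it stamps updatedDate itself rather than trusting the client.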

Blast Radius

  • Reads tool definitions and associated configuration data belonging to other workspaces in a multi-tenant Flowise deployment.
  • Reassigns tools across workspace boundaries, corrupting tenant isolation and exposing one workspace's LLM flow assets to another.
  • Modifies server-controlled metadata fields (workspaceId, createdDate, updatedDate) on tool records without authorization.

How HarborGuard Handles This

Available on HarborGuard: continuous monitoring of images containing Flowise for CVE-2026-42862, with findings surfaced immediately upon CVE ingestion. No patched-image rebuild can be produced until the upstream fix at version 3.1.2 is confirmed in package repositories; HarborGuard re-checks the advisory every ingest cycle and triggers the rebuild automatically once the release is verified. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads are initiated without manual intervention at that point.

In the interim, compensating controls worth considering:

  • Network-policy isolation that restricts access to the Flowise API, and the tool update endpoint in particular, to trusted internal clients. Note the limit of this control: the attacker only needs a low-privilege account, so any client population that legitimately holds workspace accounts can still reach the flaw.
  • Review of workspace membership in multi-tenant deployments, so that only accounts that need them hold even low-privilege roles, together with an audit of tool records whose workspaceId has changed since creation.
  • Egress filtering from the Flowise host to limit lateral movement if a reassigned tool's configuration is abused.
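
As an added example (not HarborGuard or Flowise tooling) of an interim detection control, the rule below scans request logs for tool updates whose body carries a server-controlled field. It assumes a reverse proxy in front of Flowise logs each request as one JSON object with the method, path, user, the caller's workspace and the top-level body keys; that log shape, its field names and the /api/v1/tools/:id path are assumptions to adapt to the actual deployment.

```typescript
// Added example, not HarborGuard or Flowise tooling: a detection rule over
// request logs for the window before 3.1.2 can be deployed. It assumes a reverse
// proxy in front of Flowise writes one JSON object per request carrying the
// method, path, authenticated user, the caller's workspace and the top-level
// keys of the JSON body; that log shape and the /api/v1/tools/:id path are
// assumptions, so adapt both to the real deployment.

interface RequestLog {
  ts: string;
  method: string;
  path: string;
  user: string;
  workspaceId: string;  // workspace the caller is acting in
  bodyKeys: string[];   // top-level keys of the request body (values not logged)
}

interface Finding {
  ts: string;
  user: string;
  workspaceId: string;
  path: string;
  fields: string[];     // server-controlled fields the client tried to set
}

// Fields the advisory names as server-controlled on a tool record.
const SERVER_CONTROLLED = new Set(["workspaceId", "createdDate", "updatedDate"]);
const TOOL_UPDATE_PATH = /^\/api\/v1\/tools\/[^/]+$/;
const UPDATE_METHODS = new Set(["PUT", "PATCH"]);

function parseLine(line: string): RequestLog | null {
  try {
    const obj = JSON.parse(line) as Partial<RequestLog>;
    if (typeof obj.method !== "string" || typeof obj.path !== "string" || !Array.isArray(obj.bodyKeys)) return null;
    return {
      ts: String(obj.ts ?? ""),
      method: obj.method,
      path: obj.path,
      user: String(obj.user ?? ""),
      workspaceId: String(obj.workspaceId ?? ""),
      bodyKeys: obj.bodyKeys.map(String),
    };
  } catch {
    return null;  // malformed line: skip it rather than abort the whole scan
  }
}

// Flags any tool update whose body carries a server-controlled field. A legitimate
// client has no reason to send these, so the rule is low-noise; a hit from a
// low-privilege account is exactly the advisory's attack pattern.
function detectMassAssignment(lines: string[]): Finding[] {
  const findings: Finding[] = [];
  for (const line of lines) {
    const req = parseLine(line);
    if (!req) continue;
    if (!UPDATE_METHODS.has(req.method.toUpperCase()) || !TOOL_UPDATE_PATH.test(req.path)) continue;
    const fields = req.bodyKeys.filter((k) => SERVER_CONTROLLED.has(k));
    if (fields.length > 0) {
      findings.push({ ts: req.ts, user: req.user, workspaceId: req.workspaceId, path: req.path, fields });
    }
  }
  return findings;
}

// Constructed sample log: one benign rename, one cross-workspace reassignment
// attempt, one create request (out of scope for this rule), one malformed line.
const SAMPLE_LOG: string[] = [
  '{"ts":"2026-03-01T10:00:00Z","method":"PUT","path":"/api/v1/tools/tool-1","user":"u-alice","workspaceId":"ws-A","bodyKeys":["name","description"]}',
  '{"ts":"2026-03-01T10:05:00Z","method":"PUT","path":"/api/v1/tools/tool-1","user":"u-mallory","workspaceId":"ws-B","bodyKeys":["name","workspaceId","createdDate"]}',
  '{"ts":"2026-03-01T10:06:00Z","method":"POST","path":"/api/v1/tools","user":"u-mallory","workspaceId":"ws-B","bodyKeys":["name","workspaceId"]}',
  "not json at all",
];

console.log(detectMassAssignment(SAMPLE_LOG));
```

Feed the rule the proxy's log stream in a real deployment. Any hit warrants comparing the tool record's current workspaceId with its original owner; a hit from the owning workspace still points at a client that sends fields it should not, which is worth fixing before 3.1.2 is rolled out.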

Affected packages

  • FlowiseAI / Flowise: < 3.1.2

CVSS Vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N