PatchSiren cyber security CVE debrief
CVE-2026-46475 FlowiseAI CVE debrief
CVE-2026-46475 is a HIGH-severity vulnerability in Flowise, a drag & drop user interface for building customized large language model flows. The issue, patched in version 3.1.2, allows for cross-workspace assistant takeover due to mass-assignment vulnerabilities in assistant create and update functions.
- Vendor: FlowiseAI
- Product: Flowise
- CVSS: HIGH 7.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-12
Who should care
Users of Flowise, especially those hosting multi-workspace environments, should be aware of this vulnerability. Upgrading to version 3.1.2 or later is recommended.
Technical summary
CVE-2026-46475 is a vulnerability in Flowise, a tool for creating customized large language model flows. The issue arises from mass-assignment vulnerabilities in the assistant create and update functions, which allow for cross-workspace assistant takeover. This vulnerability has been patched in Flowise version 3.1.2.
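The mass-assignment pattern described above, shown beside an allow-list fix. This is an added example, not Flowise's code: the in-memory store, the function names and the field names (`id`, `workspaceId`, `name`, `details`) are assumptions made for illustration.

```javascript
// Illustration only: hypothetical schema and helpers, not Flowise's own code.
const ALLOWED_FIELDS = ['name', 'details']; // the only client-writable fields

// Constructed sample data: one assistant in each of two workspaces.
function makeStore() {
  return new Map([
    ['a1', { id: 'a1', workspaceId: 'ws-alpha', name: 'Support bot', details: '{}' }],
    ['a2', { id: 'a2', workspaceId: 'ws-beta', name: 'Sales bot', details: '{}' }],
  ]);
}

// Mass-assignment defect: the request body is merged wholesale, so a
// client-supplied workspaceId replaces the server-owned value.
function updateAssistantUnsafe(store, id, body) {
  const existing = store.get(id);
  if (!existing) throw new Error('not found');
  const updated = Object.assign({}, existing, body);
  store.set(id, updated);
  return updated;
}

// Copy only allow-listed fields from the body onto the target record.
function applyAllowed(target, body) {
  for (const field of ALLOWED_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(body, field)) target[field] = body[field];
  }
  return target;
}

// Hardened update: scope the lookup to the caller's workspace and ignore
// ownership fields in the body. Missing and foreign records fail identically.
function updateAssistantSafe(store, callerWorkspaceId, id, body) {
  const existing = store.get(id);
  if (!existing || existing.workspaceId !== callerWorkspaceId) {
    throw new Error('not found');
  }
  const updated = applyAllowed({ ...existing }, body);
  store.set(id, updated);
  return updated;
}

// Hardened create: ownership comes from the authenticated session only.
function createAssistantSafe(store, callerWorkspaceId, newId, body) {
  const record = { id: newId, workspaceId: callerWorkspaceId, name: '', details: '{}' };
  store.set(newId, applyAllowed(record, body));
  return record;
}
```

The same allow-list serves both create and update, so a field added to the schema later stays server-owned until it is explicitly listed.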
Defensive priority
HIGH
Recommended defensive actions
- Upgrade Flowise to version 3.1.2 or later to mitigate the vulnerability.
Evidence notes
The CVE-2026-46475 vulnerability was published on 2026-06-08T16:16:41.810Z and modified on 2026-06-12T17:47:36.123Z. It has a CVSS score of 7.7 and is classified as HIGH severity.
Official resources
- CVE-2026-46475 CVE record (CVE.org)
- CVE-2026-46475 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Product, Release Notes
- Mitigation or vendor reference: [email protected] - Mitigation, Vendor Advisory
CVE-2026-46475 was published on 2026-06-08T16:16:41.810Z and modified on 2026-06-12T17:47:36.123Z.