PatchSiren cyber security CVE debrief
CVE-2026-46477 FlowiseAI CVE debrief
CVE-2026-46477 is a HIGH severity vulnerability in Flowise, a drag & drop user interface to build a customized large language model flow. The vulnerability allows for cross-workspace dataset takeover due to dataset create and update mass-assignment. This issue was patched in version 3.1.2.
- Vendor: FlowiseAI
- Product: Flowise
- CVSS: HIGH 7.7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-08
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-08
- Advisory updated: 2026-06-15
Who should care
Users of Flowise should update to version 3.1.2 to mitigate this vulnerability.
Technical summary
CVE-2026-46477 is a vulnerability in Flowise, a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. The CVSS score for this vulnerability is 7.7, indicating a HIGH severity. The vulnerability was published on 2026-06-08T16:16:42.097Z and modified on 2026-06-15T14:02:35.157Z.
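One way to guard dataset create and update handlers against the mass-assignment class described above, shown as an added example that is not Flowise's code or its patch. The field names, the session object and the in-memory store are assumptions made for illustration.

```javascript
// Added example: hypothetical dataset handlers, not Flowise source code.
// Field names (name, description, workspaceId, id) are assumptions.
const WRITABLE_FIELDS = ['name', 'description'];

// Copy only allowlisted keys from an untrusted request body.
function pickWritable(body) {
  const out = {};
  for (const key of WRITABLE_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(body, key)) out[key] = body[key];
  }
  return out;
}

// In-memory stand-in for the dataset table.
function createStore() {
  const rows = new Map();
  let nextId = 1;
  return {
    create(session, body) {
      // Identity and ownership fields are set by the server, never by the client.
      const row = { ...pickWritable(body), id: String(nextId++), workspaceId: session.workspaceId };
      rows.set(row.id, row);
      return { ...row };
    },
    update(session, id, body) {
      const row = rows.get(id);
      // Scope the lookup to the caller's workspace; foreign rows look missing.
      if (!row || row.workspaceId !== session.workspaceId) return null;
      Object.assign(row, pickWritable(body));
      return { ...row };
    },
    get: (id) => (rows.has(id) ? { ...rows.get(id) } : null),
  };
}

// Constructed sample run: two workspaces and request bodies carrying extra fields.
function demo() {
  const store = createStore();
  const alice = { workspaceId: 'ws-a' };
  const bob = { workspaceId: 'ws-b' };
  const ds = store.create(alice, { name: 'train', workspaceId: 'ws-b', id: '999' });
  const crossUpdate = store.update(bob, ds.id, { name: 'taken', workspaceId: 'ws-b' });
  const ownUpdate = store.update(alice, ds.id, { description: 'v2', workspaceId: 'ws-b' });
  return { ds, crossUpdate, ownUpdate, final: store.get(ds.id) };
}
```

The same two controls, an allowlist of writable fields and a workspace-scoped lookup before any write, are what to look for when reviewing other tenant-owned resources.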
Defensive priority
HIGH
Recommended defensive actions
- Update Flowise to version 3.1.2 or later.
Evidence notes
The vulnerability was patched in version 3.1.2. See [ref-4](https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.1.2) for product release notes and [ref-5](https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-5h9v-837x-m97r) for mitigation and vendor advisory.
Official resources
- CVE-2026-46477 CVE record (CVE.org)
- CVE-2026-46477 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: Product, Release Notes
- Mitigation or vendor reference: Mitigation, Vendor Advisory