These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-46480 is a HIGH-severity vulnerability in Flowise, a drag & drop user interface for building customized large language model flows. The issue, patched in version 3.1.2, allows cross-workspace evaluator takeover due to evaluator create and update mass-assignment.
CVE-2026-46479 is a high-severity vulnerability in Flowise, a drag & drop user interface to build customized large language model flows. The vulnerability, with a CVSS score of 7.7, allows for cross-workspace evaluation takeover due to mass-assignment issues in evaluation create and update operations. This issue was patched in version 3.1.2 of Flowise.
CVE-2026-46478 is a high-severity vulnerability in Flowise, a drag & drop user interface for building customized large language model flows. The issue, tracked as CWE-915, allows for cross-workspace row takeover due to DatasetRow create and update mass-assignment vulnerabilities prior to version 3.1.2. This vulnerability has a CVSS score of 7.7 and is considered HIGH severity.
CVE-2026-46477 is a HIGH severity vulnerability in Flowise, a drag & drop user interface to build a customized large language model flow. The vulnerability allows for cross-workspace dataset takeover due to dataset create and update mass-assignment. This issue was patched in version 3.1.2.
CVE-2026-46476 is a HIGH severity vulnerability in Flowise, a drag & drop user interface to build customized large language model flows. The issue allows for a cross-workspace template takeover due to CustomTemplate create and update mass-assignment. This vulnerability was patched in version 3.1.2.
CVE-2026-46475 is a HIGH-severity vulnerability in Flowise, a drag & drop user interface for building customized large language model flows. The issue, patched in version 3.1.2, allows for cross-workspace assistant takeover due to mass-assignment vulnerabilities in assistant create and update functions.
A vulnerability was discovered in Flowise, a drag & drop user interface for building customized large language model flows. The issue, tracked as CVE-2026-46444, affects versions prior to 3.1.2 and has a CVSS score of 8.7, indicating a high severity. The vulnerability arises from the lack of authentication middleware for all CRUD endpoints of OpenAI Assistants Vector Store, specifically the /api/v1/openai [truncated]
CVE-2026-46443 is a high-severity vulnerability in Flowise, a drag & drop user interface for building customized large language model flows. The issue allows an attacker to access encrypted data when credentials are fetched with a credentialName filter parameter. This vulnerability has been patched in version 3.1.2.
CVE-2026-46442 is a critical vulnerability in Flowise, a drag & drop user interface to build customized large language model flows. Prior to version 3.1.2, the POST /api/v1/node-custom-function endpoint lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When E2B_APIKEY is not configured, Flowise executes this code insi [truncated]
A high-severity vulnerability was discovered in FlowiseAI, a drag-and-drop user interface for building customized large language model flows. The issue, tracked as CVE-2026-46441, is a mass assignment vulnerability in the assistant update endpoint. This vulnerability allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating an assista [truncated]
A critical vulnerability, CVE-2026-46440, was found in Flowise, a drag & drop user interface to build a customized large language model flow. The vulnerability has a CVSS score of 9.1 and was patched in version 3.1.2. The issue involves the checkBasicAuth endpoint validating credentials in plaintext without rate limiting and with direct comparison.
A mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI Flowise prior to version 3.1.2. This vulnerability allows an authenticated user to manipulate internal attributes of a chatflow and reassign it to another workspace, potentially leading to cross-workspace resource reassignment and unauthorized modification of deployment and visibility settings.
CVE-2026-42862 is a high-severity vulnerability in FlowiseAI Flowise, a drag-and-drop user interface for building customized large language model flows. The issue, patched in version 3.1.2, allows authenticated users to manipulate the workspaceId field and reassign tools to arbitrary workspaces, breaking tenant isolation in multi-workspace environments.
A high-severity vulnerability exists in FlowiseAI Flowise, allowing authenticated users to manipulate workspace IDs and reassign variables to arbitrary workspaces. This issue, CVE-2026-42861, has been patched in version 3.1.2.
CVE-2026-43995 affects Flowise versions before 3.1.0. According to the vendor advisory and NVD, several tool implementations used raw HTTP clients directly instead of the secured wrapper, which NVD maps to CWE-918. The issue is fixed in Flowise 3.1.0. With a CVSS 5.3 Medium score and network-based attack conditions, this is a practical patching and configuration review item for anyone exposing affected Fl [truncated]