Flowiseai

Flowise

73 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-46477

  • EPSS 0.34%
  • Veröffentlicht 08.06.2026 15:31:48
  • Zuletzt bearbeitet 15.06.2026 14:02:35

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. This issue has been patched in version 3.1.2.

8.8

CVE-2026-46476

  • EPSS 0.34%
  • Veröffentlicht 08.06.2026 15:31:32
  • Zuletzt bearbeitet 15.06.2026 14:04:20

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2.

8.8

CVE-2026-46475

  • EPSS 0.34%
  • Veröffentlicht 08.06.2026 15:31:09
  • Zuletzt bearbeitet 12.06.2026 17:47:36

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover. This issue has been patched in version 3.1.2.

6.5

CVE-2026-46443

Exploit
  • EPSS 0.27%
  • Veröffentlicht 08.06.2026 15:30:59
  • Zuletzt bearbeitet 11.06.2026 04:08:36

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response. The code ...

9.9

CVE-2026-46442

Exploit
  • EPSS 0.82%
  • Veröffentlicht 08.06.2026 15:30:48
  • Zuletzt bearbeitet 11.06.2026 04:07:08

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScr...

9.6

CVE-2026-46441

Exploit
  • EPSS 0.27%
  • Veröffentlicht 08.06.2026 15:30:36
  • Zuletzt bearbeitet 11.06.2026 04:06:52

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. The endpoint allows authenticated users to modify s...

9.1

CVE-2026-46440

  • EPSS 0.25%
  • Veröffentlicht 08.06.2026 15:29:40
  • Zuletzt bearbeitet 11.06.2026 04:06:33

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting and with direct comparison. This issue has been patc...

8.1

CVE-2026-42863

Exploit
  • EPSS 0.27%
  • Veröffentlicht 08.06.2026 15:29:24
  • Zuletzt bearbeitet 11.06.2026 03:58:49

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. The endpoint allows clients to modify server-control...

5

CVE-2026-42862

Exploit
  • EPSS 0.2%
  • Veröffentlicht 08.06.2026 15:25:59
  • Zuletzt bearbeitet 11.06.2026 03:56:29

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server...

9.6

CVE-2026-42861

Exploit
  • EPSS 0.25%
  • Veröffentlicht 08.06.2026 15:25:47
  • Zuletzt bearbeitet 11.06.2026 03:53:34

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. The endpoint allows authenticated users to modify se...