By vendor

Flowiseai vulnerabilities

Known CVEs affecting Flowiseai products, prioritized by severity, with SEC.co remediation and detection guidance.

2 published vulnerabilities

  • CVE-2026-42863HIGH 8.1

    FlowiseAI versions prior to 3.1.2 contain a mass assignment vulnerability in their chatflow update feature. An authenticated user can modify internal system properties—such as workspace assignment, deployment status, and visibility settings—that should only be controlled by administrators. This allows attackers to reassign workflows to other workspaces, change deployment states without authorization, and alter public/private visibility of chatflows. The vulnerability requires valid login credentials but no additional special access.

  • CVE-2026-42862MEDIUM 5.0

    Flowise, a popular drag-and-drop interface for building custom AI language model workflows, contains a security flaw that allows authenticated users to move tools between workspaces without proper authorization. When updating a tool, the application fails to validate who should have permission to change ownership fields like workspaceId. An attacker with legitimate access to one workspace can reassign tools to a different workspace, potentially exposing or stealing AI workflows, data pipelines, or proprietary configurations belonging to another team or customer. This breaks the isolation that multi-workspace Flowise deployments rely on to keep organizations separate.