Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key (id) and internal state fields of DocumentStore entities. Because the service uses repository.save() with a client-supplied primary key, the POST create endpoint behaves as an implicit UPSERT operation. This enables overwriting existing DocumentStore objects. In multi-workspace or multi-tenant deployments, this can lead to cross-workspace object takeover and broken object-level authorization (IDOR), allowing an attacker to reassign or modify DocumentStore objects belonging to other workspaces. This vulnerability is fixed in 3.1.0.
Published: 2026-04-23
Score: 7.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a mass assignment issue in Flowise’s DocumentStore creation endpoint. By supplying a custom primary key and internal state fields, an authenticated user can cause the backend to perform an implicit UPSERT, thereby overwriting an existing DocumentStore object belonging to a different workspace. This breaks object‑level authorization and enables an attacker to tamper with or take over data that should be protected. The weakness is reflected in CWE‑284, CWE‑639, and CWE‑915.

Affected Systems

Flowise, the open‑source drag‑and‑drop interface for building large language model pipelines, is affected for all versions earlier than 3.1.0. The issue manifests in deployments configured for multiple workspaces or tenants, where separate user groups share the same instance of the service. The affected component is the DocumentStore create endpoint exposed via HTTP POST, which accepts client‑supplied identifiers that are persisted without adequate validation.

Risk and Exploitability

The CVSS v3 score of 7.6 indicates a high severity, and while the EPSS score is below 1%, the vulnerability can be exploited by any authenticated user, making it potentially easier to compromise in production environments. Because the bug involves implicit UPSERT semantics, an attacker does not need administrative privileges but does require valid credentials to identify a target workspace’s DocumentStore ID. The attack is not listed in CISA KEV at this time, suggesting no publicly known exploitation yet, but the nature of the flaw warrants immediate attention.

Generated by OpenCVE AI on April 28, 2026 at 07:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Flowise to version 3.1.0 or later, where the mass assignment bug is fixed.
  • Restrict the POST create endpoint to enforce that the primary key is generated by the server and reject any client‑supplied ID values if an upgrade is not yet possible.
  • Implement strict workspace‑based authorization checks to ensure that only users belonging to the same workspace can create or modify DocumentStore objects, thereby preventing cross‑workspace takeover.
  • Review all integration points that programmatically create DocumentStore entities and validate that they do not bypass the updated security controls.

Generated by OpenCVE AI on April 28, 2026 at 07:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-3prp-9gf7-4rxx Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)
History

Sat, 25 Apr 2026 02:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 24 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
First Time appeared Flowiseai
Flowiseai flowise
CPEs cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*
Vendors & Products Flowiseai
Flowiseai flowise
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Thu, 23 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Description Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key (id) and internal state fields of DocumentStore entities. Because the service uses repository.save() with a client-supplied primary key, the POST create endpoint behaves as an implicit UPSERT operation. This enables overwriting existing DocumentStore objects. In multi-workspace or multi-tenant deployments, this can lead to cross-workspace object takeover and broken object-level authorization (IDOR), allowing an attacker to reassign or modify DocumentStore objects belonging to other workspaces. This vulnerability is fixed in 3.1.0.
Title Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)
Weaknesses CWE-284
CWE-639
CWE-915
References
Metrics cvssV4_0

{'score': 7.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Flowiseai Flowise
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-25T01:31:29.281Z

Reserved: 2026-04-18T14:01:46.802Z

Link: CVE-2026-41277

cve-icon Vulnrichment

Updated: 2026-04-25T01:30:53.138Z

cve-icon NVD

Status : Modified

Published: 2026-04-23T20:16:16.410

Modified: 2026-04-25T02:16:02.837

Link: CVE-2026-41277

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T07:30:26Z

Weaknesses