{"data":{"id":"18cb661f-79e5-445f-9be9-d1ba6931caa0","title":"CVE-2026-41267: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mas","summary":"Flowise, a tool for building customized AI workflows through a drag-and-drop interface, had a security flaw in versions before 3.1.0 where attackers could inject malicious data during account registration. This JSON injection vulnerability (client-supplied fields in the registration request that the server should not have accepted) allowed unauthenticated users to manipulate important metadata like ownership and user roles, potentially breaking security boundaries in systems that host multiple separate organizations.","solution":"Update to Flowise version 3.1.0 or later, where the vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-41267","publishedAt":"2026-04-23T20:16:15.160Z","cveId":"CVE-2026-41267","cweIds":["CWE-639","CWE-915"],"cvssScore":"8.1","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"network","attackComplexity":"high","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-23T20:16:15.160Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}