{"data":{"id":"56e6e14c-12d2-4719-b0f1-a241e17a1a6a","title":"CVE-2026-41277: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignme","summary":"Flowise, a tool that lets users build custom AI flows through a visual interface, had a mass assignment vulnerability (a bug where user input can change database fields that shouldn't be user-controllable) in versions before 3.1.0 that allowed authenticated users to overwrite existing document storage objects and access objects from other workspaces, potentially breaking access controls (IDOR, or insecure direct object references, where an attacker can access resources by guessing their IDs).","solution":"Update Flowise to version 3.1.0 or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-41277","publishedAt":"2026-04-23T20:16:16.410Z","cveId":"CVE-2026-41277","cweIds":["CWE-284","CWE-639","CWE-915"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-23T20:16:16.410Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}