{"data":{"id":"a318dacb-d6e7-45e7-829a-d90a82da319b","title":"CVE-2026-46476: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomT","summary":"Flowise is a drag-and-drop tool for building custom large language model workflows. Before version 3.1.2, it had a mass-assignment vulnerability (a security flaw where unintended data fields can be modified) in its CustomTemplate feature that could let attackers take over templates across different workspaces. This issue has been fixed in version 3.1.2.","solution":"Update to version 3.1.2, which patches this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-46476","publishedAt":"2026-06-08T16:16:41.950Z","cveId":"CVE-2026-46476","cweIds":["CWE-915"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-08T16:16:41.950Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}