{"data":{"id":"b3447ff6-40dd-486a-ae70-55c774e3c43c","title":"CVE-2026-46475: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assista","summary":"Flowise is a tool with a drag-and-drop interface for building customized AI workflows. Before version 3.1.2, it had a mass-assignment vulnerability (a type of security flaw where an attacker can modify data they shouldn't have access to) that allowed someone to take over assistants across different workspaces by manipulating how the system creates and updates assistants.","solution":"This issue has been patched in version 3.1.2. Users should update to version 3.1.2 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-46475","publishedAt":"2026-06-08T16:16:41.810Z","cveId":"CVE-2026-46475","cweIds":["CWE-915"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-08T16:16:41.810Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}