{"data":{"id":"c0bcc338-cb9d-4ba2-ada9-3475ee728609","title":"CVE-2026-46480: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluat","summary":"Flowise, a tool that provides a drag-and-drop interface for building customized large language model workflows, had a vulnerability in versions before 3.1.2 that allowed attackers to take over evaluators across different workspaces through mass-assignment (a type of security flaw where an attacker can modify multiple object properties at once that they shouldn't be able to change). The vulnerability has been patched in version 3.1.2.","solution":"Update to version 3.1.2 or later. The issue has been patched in version 3.1.2.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-46480","publishedAt":"2026-06-08T16:16:42.600Z","cveId":"CVE-2026-46480","cweIds":["CWE-915"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-08T16:16:42.600Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}