GHSA-wxrr-jp8m-qq7f: FlowiseAI: Evaluator create+update mass-assignment allows cross-workspace evaluator takeover
Summary
FlowiseAI's Evaluator feature has a mass-assignment vulnerability (a bug where client-controlled data is copied directly into server objects without filtering) that allows authenticated users to change an evaluator's `workspaceId` field, moving it to another workspace they don't own. This breaks workspace isolation (the separation that keeps different teams' data apart) and lets attackers in workspace B read, modify, and use evaluators belonging to workspace A.
Solution / Mitigation
The fix is already applied in PR https://github.com/FlowiseAI/Flowise/pull/6050. The patched code uses an allowlist pattern: instead of copying all fields from the request body via `Object.assign(...)`, the code explicitly checks each allowed field one at a time before copying it (e.g., `if (body.allowed_field_1 !== undefined) updatedEvaluator.allowed_field_1 = body.allowed_field_1`). This ensures only safe fields can be set, and `workspaceId` is no longer accepted from the client.
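To make the difference concrete, here is an added example (not Flowise's own code, and not the code from PR #6050) of a simplified evaluator update handler written both ways: the mass-assignment form that copies the whole request body with `Object.assign`, and the allowlist form that copies only named fields. The `Evaluator` shape and the `UPDATABLE_FIELDS` list are assumptions for illustration; a `rejectedFields` helper is included so a handler can log tampering attempts on `workspaceId` rather than silently dropping them.

```typescript
// Added example (not Flowise code). Simplified evaluator record; field names are assumed.
interface Evaluator {
  id: string;
  name: string;
  type: string;
  config: string;
  workspaceId: string; // ownership field: must never be client-settable
}

// Hypothetical allowlist of client-editable fields (the real list lives in the project).
const UPDATABLE_FIELDS = ['name', 'type', 'config'] as const;
type UpdatableField = (typeof UPDATABLE_FIELDS)[number];

// Vulnerable pattern: every key in the body lands on the stored object,
// so a body carrying workspaceId re-homes the evaluator into another workspace.
function updateEvaluatorVulnerable(existing: Evaluator, body: Record<string, unknown>): Evaluator {
  const updated: Evaluator = { ...existing };
  Object.assign(updated, body);
  return updated;
}

// Hardened pattern: check each allowed field individually and copy only those.
// Anything else in the body, workspaceId included, is ignored.
function updateEvaluatorSafe(existing: Evaluator, body: Record<string, unknown>): Evaluator {
  const updated: Evaluator = { ...existing };
  for (const field of UPDATABLE_FIELDS) {
    if (body[field] !== undefined) {
      updated[field as UpdatableField] = String(body[field]);
    }
  }
  return updated;
}

// Detection aid: report body keys outside the allowlist so the handler can
// audit-log attempts to set ownership fields like workspaceId.
function rejectedFields(body: Record<string, unknown>): string[] {
  const allowed = new Set<string>(UPDATABLE_FIELDS);
  return Object.keys(body).filter((k) => !allowed.has(k)).sort();
}

// Constructed sample: evaluator owned by workspace A, request from a user trying to move it to B.
const sampleEvaluator: Evaluator = { id: 'ev-1', name: 'old', type: 'llm', config: '{}', workspaceId: 'ws-A' };
const tamperedBody: Record<string, unknown> = { name: 'renamed', workspaceId: 'ws-B' };
```

Running the two handlers on the same sample shows the vulnerable version ending up in `ws-B` while the allowlisted version keeps `ws-A` and still applies the legitimate `name` change.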
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-wxrr-jp8m-qq7f
First tracked: May 14, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%