CVE-2026-46479: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluat
highvulnerabilityLLM-Specific
security
Summary
Flowise is a tool with a drag-and-drop interface for building custom AI workflows. Before version 3.1.2, it had a vulnerability where mass-assignment (improperly allowing users to modify system fields they shouldn't access) let attackers take over evaluations across different workspaces, even if they didn't have permission.
Solution / Mitigation
This issue has been patched in version 3.1.2.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
June 8, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Taxonomy References
CWE (Weakness Type)
Affected Vendors
LangChain
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-46479
First tracked: June 9, 2026 at 08:09 AM
Classified by LLM (prompt v3) · confidence: 92%