CVE-2026-41277: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignme
Summary
Flowise, a tool that lets users build custom AI flows through a visual interface, had a mass assignment vulnerability in versions before 3.1.0. Mass assignment is a bug where user input can change database fields that shouldn't be user-controllable. Here it allowed authenticated users to overwrite existing document storage objects and access objects from other workspaces, potentially breaking access controls (IDOR, or insecure direct object references, where an attacker can access resources by guessing their IDs).
Solution / Mitigation
Update Flowise to version 3.1.0 or later, where this vulnerability is fixed.
Vulnerability Details
EPSS: 0.0%
April 23, 2026
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-41277
First tracked: April 24, 2026 at 08:10 AM