CVE-2026-46476: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomT
highvulnerabilityLLM-Specific
security
Summary
Flowise is a drag-and-drop tool for building custom large language model workflows. Before version 3.1.2, it had a mass-assignment vulnerability (a security flaw where unintended data fields can be modified) in its CustomTemplate feature that could let attackers take over templates across different workspaces. This issue has been fixed in version 3.1.2.
Solution / Mitigation
Update to version 3.1.2, which patches this vulnerability.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
June 8, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Taxonomy References
CWE (Weakness Type)
Affected Vendors
LangChain
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-46476
First tracked: June 9, 2026 at 08:09 AM
Classified by LLM (prompt v3) · confidence: 85%