CVE-2026-46475: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assista
highvulnerabilityLLM-Specific
security
Summary
Flowise is a tool with a drag-and-drop interface for building customized AI workflows. Before version 3.1.2, it had a mass-assignment vulnerability (a type of security flaw where an attacker can modify data they shouldn't have access to) that allowed someone to take over assistants across different workspaces by manipulating how the system creates and updates assistants.
Solution / Mitigation
This issue has been patched in version 3.1.2. Users should update to version 3.1.2 or later.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
June 8, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Taxonomy References
CWE (Weakness Type)
Affected Vendors
LangChain
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-46475
First tracked: June 9, 2026 at 08:09 AM
Classified by LLM (prompt v3) · confidence: 92%