CVE-2026-46480: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluat
highvulnerabilityLLM-Specific
security
Summary
Flowise, a tool that provides a drag-and-drop interface for building customized large language model workflows, had a vulnerability in versions before 3.1.2 that allowed attackers to take over evaluators across different workspaces through mass-assignment (a type of security flaw where an attacker can modify multiple object properties at once that they shouldn't be able to change). The vulnerability has been patched in version 3.1.2.
Solution / Mitigation
Update to version 3.1.2 or later. The issue has been patched in version 3.1.2.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
June 8, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
integrityconfidentiality
Taxonomy References
CWE (Weakness Type)
Affected Vendors
LangChain
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-46480
First tracked: June 9, 2026 at 08:09 AM
Classified by LLM (prompt v3) · confidence: 92%