CVE-2026-46478: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, Dataset
highvulnerabilityLLM-Specific
security
Summary
Flowise is a visual tool for building customized LLM (large language model) workflows. Before version 3.1.2, it had a mass-assignment vulnerability (a flaw where attackers can modify object properties they shouldn't access) that allowed users to take over dataset rows across different workspaces, with a high severity rating of 7.7.
Solution / Mitigation
This issue has been patched in version 3.1.2. Users should update Flowise to version 3.1.2 or later.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
June 8, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Taxonomy References
CWE (Weakness Type)
Affected Vendors
LangChain
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-46478
First tracked: June 9, 2026 at 08:09 AM
Classified by LLM (prompt v3) · confidence: 92%