CVE-2026-46477: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset
highvulnerabilityLLM-Specific
security
Summary
Flowise, a drag-and-drop tool for building customized AI workflows, had a vulnerability before version 3.1.2 that allowed attackers to take over datasets across different workspaces through mass-assignment (a flaw where an attacker can modify object properties that shouldn't be exposed). The vulnerability has a CVSS score (a 0-10 rating of how severe a vulnerability is) of 7.7, indicating it is high severity.
Solution / Mitigation
This issue has been patched in version 3.1.2.
Vulnerability Details
EPSS (30-day exploit probability)
EPSS: 0.0%
Disclosure Date
June 8, 2026
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Taxonomy References
CWE (Weakness Type)
Affected Vendors
LangChain
Related Issues
Monthly digest — independent AI security research
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-46477
First tracked: June 9, 2026 at 08:09 AM
Classified by LLM (prompt v3) · confidence: 92%