Auth bypass in Flowiseai Flowise
CVE-2026-41277
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key (id) and…
EPSS: 0.003 (55.4th percentile) — read the EPSS interpretation.
Affected products
- Flowiseai Flowise — versions < 3.1.0
Weakness classification (CWE)
References
- https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3prp-9gf7-4rxx (x_refsource_CONFIRM)