Tag
FlowiseAI versions 3.1.1 and earlier are vulnerable to a privilege escalation due to missing authentication and permission checks on the OpenAI Assistants Vector Store CRUD endpoints, allowing any authenticated user to create, modify, upload files to, and delete vector stores and files, regardless of their assigned permissions.