{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/crud/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["flowise (\u003c= 3.1.1)"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","missing-authentication","crud"],"_cs_type":"threat","_cs_vendors":["FlowiseAI"],"content_html":"\u003cp\u003eFlowiseAI versions up to and including 3.1.1 are vulnerable to a critical privilege escalation issue affecting the OpenAI Assistants Vector Store. The vulnerability stems from a lack of authentication middleware and permission checks on the Create, Read, Update, and Delete (CRUD) endpoints for the vector store. Specifically, the \u003ccode\u003e/api/v1/openai-assistants-vector-store\u003c/code\u003e route, while requiring API key authentication, does not enforce any permission checks on operations. This oversight allows any authenticated user, regardless of their assigned role or permissions, to perform unrestricted actions on the vector store, including creating new stores, uploading files, deleting stores and files, and modifying existing stores.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker authenticates to the FlowiseAI instance using a valid API key.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a POST request to \u003ccode\u003e/api/v1/openai-assistants-vector-store\u003c/code\u003e to create a new vector store.\u003c/li\u003e\n\u003cli\u003eThe application, lacking permission checks, creates the new vector store without validating the user\u0026rsquo;s privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a POST request to \u003ccode\u003e/api/v1/openai-assistants-vector-store/{id}\u003c/code\u003e to upload malicious files to the created vector store, exploiting the missing checks on file upload.\u003c/li\u003e\n\u003cli\u003eThe attacker sends a PUT request to \u003ccode\u003e/api/v1/openai-assistants-vector-store/{id}\u003c/code\u003e to modify the vector store\u0026rsquo;s configuration or data.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker sends a DELETE request to \u003ccode\u003e/api/v1/openai-assistants-vector-store/{id}\u003c/code\u003e to delete vector stores and associated files.\u003c/li\u003e\n\u003cli\u003eThe application executes the requested operation without proper authorization validation, leading to data manipulation or deletion.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows any authenticated user to manipulate OpenAI vector stores within FlowiseAI. This can lead to the upload of malicious files, unauthorized deletion of sensitive data, exfiltration of stored documents, or modification of vector store configurations. This privilege escalation could allow an attacker to compromise the integrity and confidentiality of data stored within FlowiseAI.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect unauthorized creation of vector stores via the \u003ccode\u003e/api/v1/openai-assistants-vector-store\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule provided below to detect unauthorized deletion of vector stores and files via the \u003ccode\u003e/api/v1/openai-assistants-vector-store/{id}\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eUpgrade FlowiseAI to a patched version greater than 3.1.1 to remediate the missing authentication and permission checks.\u003c/li\u003e\n\u003cli\u003eImplement robust access control mechanisms and permission validation on all API endpoints to prevent unauthorized data manipulation.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T16:24:56Z","date_published":"2026-05-14T16:24:56Z","id":"https://feed.craftedsignal.io/briefs/2026-05-flowiseai-vector-store-no-auth/","summary":"FlowiseAI versions 3.1.1 and earlier are vulnerable to a privilege escalation due to missing authentication and permission checks on the OpenAI Assistants Vector Store CRUD endpoints, allowing any authenticated user to create, modify, upload files to, and delete vector stores and files, regardless of their assigned permissions.","title":"FlowiseAI OpenAI Assistants Vector Store Missing Authentication","url":"https://feed.craftedsignal.io/briefs/2026-05-flowiseai-vector-store-no-auth/"}],"language":"en","title":"CraftedSignal Threat Feed — Crud","version":"https://jsonfeed.org/version/1.1"}