Tag
high
advisory
FlowiseAI Mass Assignment in Assistant Update Endpoint Allows Cross-Workspace Resource Reassignment
2 rules 1 TTP
FlowiseAI versions 3.1.1 and earlier contain a mass assignment vulnerability in the assistant update endpoint that allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate. This enables cross-workspace reassignment of assistants and breaks tenant isolation in multi-workspace environments.
FlowiseAI
mass assignment
tenant isolation
web application
high
advisory
FlowiseAI Mass Assignment Vulnerability in Variable Update Endpoint
2 rules
FlowiseAI versions 3.1.1 and earlier contain a mass assignment vulnerability in the variable update endpoint allowing authenticated users to modify server-controlled properties like workspaceId, createdDate, and updatedDate, potentially breaking tenant isolation in multi-workspace environments (CVE-2026-42861).
flowise <= 3.1.1
mass assignment
tenant isolation
web application