CVE-2026-41267
Published: 23 April 2026
Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment (JSON injection) vulnerability in the account registration endpoint of Flowise Cloud allows unauthenticated attackers to inject server-managed…
more
fields and nested objects during account creation. This enables client-controlled manipulation of ownership metadata, timestamps, organization association, and role mappings, breaking trust boundaries in a multi-tenant environment. This vulnerability is fixed in 3.1.0.
Mitigating Controls (NIST 800-53 r5)AI
Requires validation and sanitization of client-supplied JSON inputs during account registration to prevent injection and mass assignment of server-managed fields like ownership metadata and role mappings.
Enforces access control policies to mediate requests and restrict unauthorized client-side manipulation of server-controlled attributes such as timestamps, organization associations, and privileges in multi-tenant environments.
Establishes processes for secure account creation that override or ignore client-supplied values for critical attributes, ensuring proper assignment of ownership and roles server-side.
Security SummaryAI
CVE-2026-41267 is an improper mass assignment vulnerability, also described as JSON injection, affecting the account registration endpoint in Flowise Cloud prior to version 3.1.0. Flowise is a drag-and-drop user interface for building customized large language model (LLM) flows. The issue, linked to CWE-639 (Authorization Bypass Through User-Controlled Key) and CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes), stems from the failure to properly restrict client-supplied input during account creation, allowing injection of server-managed fields and nested objects. It carries a CVSS v3.1 base score of 8.1 (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity with network accessibility but high attack complexity.
Unauthenticated attackers can exploit this vulnerability remotely by submitting crafted JSON payloads during the registration process. This enables manipulation of critical server-controlled data, including ownership metadata, timestamps, organization associations, and role mappings. In Flowise Cloud's multi-tenant environment, such control breaks trust boundaries, potentially allowing attackers to escalate privileges, access or alter other users' resources, or disrupt isolation between tenants.
The vulnerability is addressed in Flowise version 3.1.0, as detailed in the GitHub Security Advisory GHSA-48m6-ch88-55mj. Security practitioners should upgrade to the patched version and review access logs for suspicious registration attempts, particularly those involving unexpected field injections.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- MITRE ATLAS Techniques
- None mapped
- Classification Reason
- Matched keywords: large language model
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability in the public-facing account registration endpoint enables exploitation of a public-facing application (T1190), facilitates creation of cloud accounts with elevated privileges (T1136.003), and manipulation of cloud roles during registration (T1098.003).