CVE-2026-41277

CVE-2026-41277 is a mass assignment vulnerability in Flowise, an open-source drag-and-drop user interface for building customized large language model (LLM) flows. Affecting versions prior to 3.1.0, the issue resides in the DocumentStore creation endpoint, where authenticated users can manipulate the primary key (id) and internal state fields of DocumentStore entities. The backend's use of repository.save() with client-supplied primary keys turns the POST create endpoint into an implicit UPSERT operation, enabling attackers to overwrite existing DocumentStore objects. Associated CWEs include CWE-284 (Improper Access Control), CWE-639 (Authorization Bypass Through User-Controlled Key), and CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes), with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Authenticated users with low privileges can exploit this vulnerability remotely over the network with no user interaction required. In multi-workspace or multi-tenant Flowise deployments, attackers can achieve cross-workspace object takeover by overwriting DocumentStore entities owned by other workspaces, bypassing object-level authorization (IDOR). This grants high confidentiality, integrity, and availability impacts, such as reassigning or modifying sensitive DocumentStore objects, potentially disrupting LLM flows or exposing data across tenants.

The official GitHub security advisory (GHSA-3prp-9gf7-4rxx) confirms the vulnerability is fixed in Flowise version 3.1.0, recommending immediate upgrades to mitigate risks. No additional workarounds are specified in the provided references.

Flowise's focus on LLM orchestration introduces AI/ML relevance, as compromised DocumentStores could tamper with model flows, embeddings, or retrieval-augmented generation components in production environments. No public evidence of real-world exploitation is available as of the CVE publication on 2026-04-23.