This mass assignment vulnerability allows authenticated attackers to overwrite existing DocumentStore objects in Flowise deployments. The flaw enables cross-workspace object takeover and broken object-level authorization in multi-tenant or multi-workspace environments. Attackers can modify or take over DocumentStore objects belonging to other users or workspaces.
Remediation
Update Flowise to version 3.1.0 or later to fix this vulnerability. Enforce additional object-level authorization checks for all DocumentStore operations in custom multi-tenant deployments. Limit workspace access to only explicitly authorized users.
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.