
Flowise CVE-2026-46444

HIGH
Missing Authorization (CWE-862)
2026-05-14 https://github.com/FlowiseAI/Flowise GHSA-hmg2-jjjx-jcp2

Lifecycle Timeline

Source Code Evidence Fetched
May 14, 2026 - 21:45 vuln.today
Analysis Generated
May 14, 2026 - 21:45 vuln.today
CVE Published
May 14, 2026 - 16:19 nvd

Description (NVD)

FINDING 4: OpenAI Assistants Vector Store - No Auth on CRUD Operations

Severity: HIGH (CVSS ~8.1)
Type: CWE-306 (Missing Authentication for Critical Function)
File: packages/server/src/routes/openai-assistants-vector-store/index.ts

Description: ALL CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware AND the route path /api/v1/openai-assistants-vector-store is NOT in WHITELIST_URLS. However, it is also NOT protected by the main auth middleware when accessed via API key - the route requires API key auth (not whitelisted), but NO permission checks exist on any operation.

The real issue is that the routes have no checkAnyPermission() middleware, meaning any authenticated user regardless of role can:

  • Create vector stores
  • Upload files to vector stores
  • Delete vector stores and files
  • Modify any vector store

Evidence:

```typescript
// No permission middleware on any route
router.post('/', controller.createAssistantVectorStore)          // No permission check
router.put(['/', '/:id'], controller.updateAssistantVectorStore) // No permission check
router.delete(['/', '/:id'], controller.deleteAssistantVectorStore) // No permission check
router.post('/:id', getMulterStorage().array('files'), controller.uploadFilesToAssistantVectorStore) // No permission check
```

Impact: Any authenticated user can manipulate OpenAI vector stores, upload malicious files, delete data, or exfiltrate stored documents regardless of their assigned permissions.
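As an added example (not Flowise's code), the following minimal Express-style middleware chain contrasts the unguarded route wiring shown above with the same handler placed behind a permission guard. The `checkAnyPermission` here is a hypothetical stand-in for the missing middleware, and the permission strings (`assistants:view`, `assistants:delete`) are assumed, not Flowise's actual permission names.

```typescript
// Minimal Express-style types so the example runs without a web framework.
interface Req { user?: { permissions: string[] }; }
interface Res {
  statusCode: number;
  body?: unknown;
  status(code: number): Res;
  json(b: unknown): Res;
}
type Handler = (req: Req, res: Res, next: () => void) => void;

function makeRes(): Res {
  const res: Res = {
    statusCode: 200,
    status(code) { res.statusCode = code; return res; },
    json(b) { res.body = b; return res; },
  };
  return res;
}

// Hypothetical guard: allow the request if the caller holds ANY of the
// comma-separated permissions; otherwise short-circuit with 403.
function checkAnyPermission(required: string): Handler {
  const needed = required.split(',').map((s) => s.trim());
  return (req, res, next) => {
    const granted = req.user?.permissions ?? [];
    if (needed.some((p) => granted.includes(p))) return next();
    res.status(403).json({ error: 'Forbidden: missing permission' });
  };
}

// Tiny router core: run the middleware chain in order until one stops calling next().
function runRoute(chain: Handler[], req: Req): Res {
  const res = makeRes();
  let i = 0;
  const next = (): void => { const h = chain[i++]; if (h) h(req, res, next); };
  next();
  return res;
}

// The controller action itself does no authorization, as in the advisory's snippet.
const deleteVectorStore: Handler = (_req, res) => { res.status(200).json({ deleted: true }); };

// Vulnerable wiring: authenticated caller reaches the action regardless of role.
const unguarded: Handler[] = [deleteVectorStore];
// Hardened wiring: the guard runs first and a low-privilege caller is rejected.
const guarded: Handler[] = [checkAnyPermission('assistants:delete'), deleteVectorStore];

// Constructed sample callers (permission names are assumed).
const lowPrivUser: Req = { user: { permissions: ['assistants:view'] } };
const adminUser: Req = { user: { permissions: ['assistants:view', 'assistants:delete'] } };
```

Running `runRoute(unguarded, lowPrivUser)` returns 200 while `runRoute(guarded, lowPrivUser)` returns 403, which is exactly the difference the missing middleware makes.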

Analysis (AI)

Missing authorization controls in Flowise's OpenAI Assistants Vector Store API allow any authenticated user to perform unrestricted CRUD operations on vector stores regardless of assigned permissions. Attackers with low-privilege user credentials can create, modify, or delete vector stores, upload malicious files, and exfiltrate stored documents across all workspaces. …


Remediation (AI)

Within 24 hours: Inventory all Flowise deployments and document current versions and vector store contents. Within 7 days: Apply Flowise 3.1.2 patch to all instances; test in non-production environment first. …

