NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-46480

Summary	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2.
Publication Date	June 9, 2026, 1:16 a.m.
Registration Date	June 9, 2026, 4:15 a.m.
Last Update	June 9, 2026, 2:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.1.2	security-advisories@github.com
2	https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-wxrr-jp8m-qq7f	security-advisories@github.com
3	https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-wxrr-jp8m-qq7f	134c704f-9b21-4f2e-91b3-4a467353bcc0

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-915	動的に決定されたオブジェクト属性の不適切に制御された変更	https://cwe.mitre.org/data/definitions/915.html