PT-2026-40976 · Npm · Flowise

Published

2026-05-14

·

Updated

2026-05-14

·

CVE-2026-42862

CVSS v4.0

7.6

High

VectorAV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Summary

A Mass Assignment vulnerability exists in the tool update endpoint of FlowiseAI.
The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a tool resource.
Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign tools to arbitrary workspaces. This breaks tenant isolation in multi-workspace environments.

Details

The endpoint responsible for updating tools:
PUT /api/v1/tools/{toolId}
accepts a JSON request body containing tool metadata.
However, the server does not restrict which properties may be modified by the client. As a result, user-controlled request bodies can include additional fields that should normally be controlled only by the backend.
Server-controlled fields that can be manipulated include:
  1. workspaceId
  2. createdDate
  3. updatedDate
The request body is directly merged into the underlying database entity without proper DTO validation or authorization checks.

PoC

Authenticate to the Flowise interface.
Capture the request used to update a tool:
PUT /api/v1/tools/<TOOL ID>
Content-Type: application/json

Modify the request body by injecting additional fields:

{
 "name": "aaa",
 "description": "bbb",
 "color": "linear-gradient(rgb(109,215,45), rgb(136,170,134))",
 "schema": "[]",
 "func": "",
 "iconSrc": "test",
 "workspaceId": "11111111-2222-3333-4444-555555555555",
 "createdDate": "1995-03-06T14:17:50.000Z",
 "updatedDate": "1995-03-06T14:17:50.000Z"
}
Send the request.
Observe that the response includes the manipulated fields:
{
 "workspaceId": "11111111-2222-3333-4444-555555555555",
 "createdDate": "1995-03-06T14:17:50.000Z"
}
This confirms that client-controlled values are accepted and persisted by the server.

Impact

This vulnerability allows authenticated users to manipulate internal attributes of tool resources.
Confirmed impacts include:
  • Cross-workspace reassignment of tools (workspaceId)
  • Unauthorized modification of metadata (createdDate, updatedDate)
In multi-tenant deployments, this may allow an attacker to move tools between workspaces without authorization, breaking tenant isolation boundaries.

Fix

Improper Access Control

IDOR

Weakness Enumeration

CWE-284CWE-915CWE-639

Related Identifiers

CVE-2026-42862
GHSA-X5V6-PJ28-CWWM

Affected Products

Flowise