PT-2026-41211 · Flowiseai+1 · Flowise
Offset · Published 2026-05-14 · Updated 2026-06-15 · CVE-2026-46476
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.1.2

Description: A mass assignment issue exists in the CustomTemplate create and update processes. The application uses Object.assign() to copy the request body into a CustomTemplate entity without an explicit field allowlist, so a client can overwrite sensitive fields such as workspaceId and id. An authenticated attacker can exploit this by sending a request to the PUT /api/v1/customtemplates/<id> endpoint with a modified workspaceId field in the request body, effectively moving a template to a different workspace. This results in a cross-workspace template takeover and an Insecure Direct Object Reference (IDOR): the attacker can transfer ownership of a template to any workspace whose UUID is known.

Recommendations: Update to version 3.1.2. As a temporary workaround, restrict access to the PUT /api/v1/customtemplates/<id> endpoint, or monitor for requests whose body contains the workspaceId or id fields.
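The pattern behind this advisory, shown as an added example that is not Flowise's own code: an Object.assign() copy of the request body next to an allowlist-based copy, plus a small check that reports the protected fields named in the workaround. The entity field names, the sample template and the request body are constructed for illustration and are assumptions, not values from the Flowise code base.

```javascript
// Added example (not Flowise's code). Demonstrates mass assignment via
// Object.assign() versus an explicit field allowlist, and a request-body
// check for the fields the advisory's workaround says to watch.

// Fields a client may set on a template through the API.
// Assumed set for illustration; the real entity has other fields.
const TEMPLATE_WRITABLE_FIELDS = ["name", "description", "flowData", "badge", "type"];

// Fields the server must own: record identity and tenant scoping.
const PROTECTED_FIELDS = ["id", "workspaceId"];

// Vulnerable pattern: every key in the body lands on the entity, so a
// body carrying workspaceId re-homes the template to another workspace.
function updateTemplateUnsafe(entity, body) {
  return Object.assign({ ...entity }, body);
}

// Hardened pattern: copy only allowlisted keys. id and workspaceId stay
// as stored; in a real handler they come from the route and the session.
function updateTemplateSafe(entity, body) {
  const updated = { ...entity };
  for (const key of TEMPLATE_WRITABLE_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(body, key)) {
      updated[key] = body[key];
    }
  }
  return updated;
}

// Detection helper matching the interim advice: list which protected
// fields a request body attempts to set (empty array means none).
function findProtectedFields(body) {
  return PROTECTED_FIELDS.filter((key) =>
    Object.prototype.hasOwnProperty.call(body, key)
  );
}

// Constructed sample: a stored template and an update body that carries
// a workspaceId alongside a legitimate name change.
const storedTemplate = {
  id: "11111111-1111-4111-8111-111111111111",
  workspaceId: "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa",
  name: "Support bot",
  description: "",
};

const requestBody = {
  name: "Support bot v2",
  workspaceId: "bbbbbbbb-bbbb-4bbb-8bbb-bbbbbbbbbbbb",
};

console.log("unsafe workspaceId:", updateTemplateUnsafe(storedTemplate, requestBody).workspaceId);
console.log("safe workspaceId:  ", updateTemplateSafe(storedTemplate, requestBody).workspaceId);
console.log("protected fields in body:", findProtectedFields(requestBody));
```

The unsafe path returns the body's workspaceId, the safe path keeps the stored one while still applying the name change, and findProtectedFields() is the kind of check a reverse proxy or request logger can apply to PUT bodies on this endpoint until the upgrade is done.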


Weakness Enumeration

Related Identifiers

CVE-2026-46476
GHSA-728H-4MWJ-F2P4

Affected Products

Flowise