CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2026-46476

HIGH
8.8
CVSS Severity Score
EPSS Score0.0840%
EPSS Percentile29.20th
Published2026年6月8日
Last Modified2026年6月15日

Vulnerability Description

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeover. This issue has been patched in version 3.1.2.

Affected Platforms (CPE)

No CPE configurations currently published for this record.

References & Advisories

🔗 https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.1.2
🔗 https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-728h-4mwj-f2p4

相關漏洞威脅

CVE-2026-361110.0

The Honeywell IQ4x building management controller, exposes its full web-based HMI without authentication in its factory-default co...

CVE-2026-5270410.0

Improper Control of Generation of Code ('Code Injection') vulnerability in Edgar Rojas WooCommerce PDF Invoice Builder allows Remo...

CVE-2026-4855810.0

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authe...

CVE-2026-1061110.0

An authentication bypass vulnerability exists in MISP when LDAP mixed authentication is enabled with OTP enforcement. In deploymen...