CVE-2026-42862

FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment

Published: 5/14/2026
Modified: 5/14/2026

Description

### Summary

A Mass Assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a tool resource. Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign tools to arbitrary workspaces. This breaks tenant isolation in multi-workspace environments.

### Details

The endpoint responsible for updating tools, **PUT /api/v1/tools/{toolId}**, accepts a JSON request body containing tool metadata. However, the server does not restrict which properties may be modified by the client. As a result, user-controlled request bodies can include additional fields that should normally be controlled only by the backend.

Server-controlled fields that can be manipulated include:

1. workspaceId
2. createdDate
3. updatedDate

The request body is directly merged into the underlying database entity without proper DTO validation or authorization checks.

### PoC

Authenticate to the Flowise interface. Capture the request used to update a tool:

```http
PUT /api/v1/tools/<TOOL_ID>
Content-Type: application/json
```

Modify the request body by injecting additional fields:

```json
{
  "name": "aaa",
  "description": "bbb",
  "color": "linear-gradient(rgb(109,215,45), rgb(136,170,134))",
  "schema": "[]",
  "func": "",
  "iconSrc": "test",
  "workspaceId": "11111111-2222-3333-4444-555555555555",
  "createdDate": "1995-03-06T14:17:50.000Z",
  "updatedDate": "1995-03-06T14:17:50.000Z"
}
```

Send the request. Observe that the response includes the manipulated fields:

```json
{
  "workspaceId": "11111111-2222-3333-4444-555555555555",
  "createdDate": "1995-03-06T14:17:50.000Z"
}
```

This confirms that client-controlled values are accepted and persisted by the server.

### Impact

This vulnerability allows authenticated users to manipulate internal attributes of tool resources.

Confirmed impacts include:

- Cross-workspace reassignment of tools (workspaceId)
- Unauthorized modification of metadata (createdDate, updatedDate)

In multi-tenant deployments, this may allow an attacker to move tools between workspaces without authorization, breaking tenant isolation boundaries.
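The root cause described above is the raw request body being merged into the entity. The example below shows the corresponding fix pattern: an allowlist DTO that keeps only client-editable fields, an ownership check against the caller's workspace, and server-side stamping of the timestamps. This is added illustrative code, not FlowiseAI's implementation; the `Tool` interface, the helper names (`sanitizeToolUpdate`, `applyToolUpdate`, `ForbiddenError`) and the sample workspace identifiers are assumptions based only on the fields named in this advisory.

```typescript
// Added example (not FlowiseAI's code): hardened update logic for a tool resource.
// The Tool shape and helper names are assumptions derived from the advisory text.

interface Tool {
  id: string;
  workspaceId: string;
  name: string;
  description: string;
  color: string;
  schema: string;
  func: string;
  iconSrc: string;
  createdDate: string;
  updatedDate: string;
}

// Fields a client may legitimately change through PUT /api/v1/tools/{toolId}.
// workspaceId, createdDate and updatedDate are deliberately absent: they are
// server-controlled and must never be taken from the request body.
const CLIENT_EDITABLE_FIELDS = ["name", "description", "color", "schema", "func", "iconSrc"] as const;
type EditableField = (typeof CLIENT_EDITABLE_FIELDS)[number];
type ToolUpdate = Partial<Pick<Tool, EditableField>>;

class ForbiddenError extends Error {}

// Step 1, DTO validation: build a fresh object from allowlisted keys only,
// instead of spreading the raw body into the entity. Dropped keys are returned
// so the caller can log a mass-assignment attempt for detection purposes.
function sanitizeToolUpdate(body: Record<string, unknown>): { update: ToolUpdate; rejected: string[] } {
  const update: ToolUpdate = {};
  const rejected: string[] = [];
  for (const [key, value] of Object.entries(body)) {
    if ((CLIENT_EDITABLE_FIELDS as readonly string[]).includes(key) && typeof value === "string") {
      update[key as EditableField] = value;
    } else {
      rejected.push(key);
    }
  }
  return { update, rejected };
}

// Step 2, authorization: the tool must already belong to the caller's workspace.
// Step 3: the server keeps createdDate and stamps updatedDate itself, so even a
// body that names those fields cannot influence the persisted entity.
function applyToolUpdate(
  existing: Tool,
  body: Record<string, unknown>,
  callerWorkspaceId: string,
  now: () => Date = () => new Date(),
): Tool {
  if (existing.workspaceId !== callerWorkspaceId) {
    throw new ForbiddenError("tool does not belong to the caller's workspace");
  }
  const { update } = sanitizeToolUpdate(body);
  return {
    ...existing,
    ...update,
    workspaceId: existing.workspaceId,
    createdDate: existing.createdDate,
    updatedDate: now().toISOString(),
  };
}

// Constructed sample data: a tool owned by workspace "ws-A" and the advisory's
// PoC body, which tries to move it to another workspace and rewrite timestamps.
const SAMPLE_TOOL: Tool = {
  id: "tool-1",
  workspaceId: "ws-A",
  name: "original",
  description: "original description",
  color: "#000000",
  schema: "[]",
  func: "",
  iconSrc: "",
  createdDate: "2026-01-01T00:00:00.000Z",
  updatedDate: "2026-01-01T00:00:00.000Z",
};

const POC_BODY: Record<string, unknown> = {
  name: "aaa",
  description: "bbb",
  color: "linear-gradient(rgb(109,215,45), rgb(136,170,134))",
  schema: "[]",
  func: "",
  iconSrc: "test",
  workspaceId: "11111111-2222-3333-4444-555555555555",
  createdDate: "1995-03-06T14:17:50.000Z",
  updatedDate: "1995-03-06T14:17:50.000Z",
};

const hardened = applyToolUpdate(SAMPLE_TOOL, POC_BODY, "ws-A");
console.log("rejected keys:", sanitizeToolUpdate(POC_BODY).rejected.join(", "));
console.log("workspaceId after update:", hardened.workspaceId); // stays ws-A
```

The `rejected` list is the detection hook: a request that names `workspaceId`, `createdDate` or `updatedDate` on this endpoint has no legitimate reason to, so logging those keys with the caller identity gives a cheap signal for attempted cross-workspace reassignment.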

Affected packages (1)

CVSS scores

| Source | Version | Severity | Vector |
| --- | --- | --- | --- |
| osv | CVSS 4.0 | | CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |

References (3)