CVE-2026-42862
FlowiseAI has Mass Assignment in Tool Update Endpoint that Allows Cross-Workspace Resource Reassignment
Description
### Summary A Mass Assignment vulnerability exists in the tool update endpoint of FlowiseAI. The endpoint allows authenticated users to modify server-controlled properties such as workspaceId, createdDate, and updatedDate when updating a tool resource. Due to missing server-side validation and authorization checks, an attacker can manipulate the workspaceId field and reassign tools to arbitrary workspaces. This breaks tenant isolation in multi-workspace environments. ### Details The endpoint responsible for updating tools: **PUT /api/v1/tools/{toolId}** accepts a JSON request body containing tool metadata. However, the server does not restrict which properties may be modified by the client. As a result, user-controlled request bodies can include additional fields that should normally be controlled only by the backend. Server-controlled fields that can be manipulated include: 1. workspaceId 2. createdDate 3. updatedDate The request body is directly merged into the underlying database entity without proper DTO validation or authorization checks. ### PoC Authenticate to the Flowise interface. Capture the request used to update a tool: ```http PUT /api/v1/tools/<TOOL_ID> Content-Type: application/json Modify the request body by injecting additional fields: { "name": "aaa", "description": "bbb", "color": "linear-gradient(rgb(109,215,45), rgb(136,170,134))", "schema": "[]", "func": "", "iconSrc": "test", "workspaceId": "11111111-2222-3333-4444-555555555555", "createdDate": "1995-03-06T14:17:50.000Z", "updatedDate": "1995-03-06T14:17:50.000Z" } ``` Send the request. Observe that the response includes the manipulated fields: ```json { "workspaceId": "11111111-2222-3333-4444-555555555555", "createdDate": "1995-03-06T14:17:50.000Z" } ``` This confirms that client-controlled values are accepted and persisted by the server. ### Impact This vulnerability allows authenticated users to manipulate internal attributes of tool resources. Confirmed impacts include: - Cross-workspace reassignment of tools (workspaceId) - Unauthorized modification of metadata (createdDate, updatedDate) In multi-tenant deployments, this may allow an attacker to move tools between workspaces without authorization, breaking tenant isolation boundaries.
How to fix CVE-2026-42862
To remediate CVE-2026-42862, upgrade the affected package to a fixed version below.
- —upgrade to 3.1.2 or later