CVE-2026-46476

Flowise · Flowise

A mass assignment vulnerability in Flowise allows an authenticated user to take over custom templates belonging to other workspaces.

Executive summary

A high-severity mass assignment vulnerability in Flowise allows authenticated users to hijack other users' custom templates, potentially compromising proprietary LLM workflows.

Vulnerability

This is a mass assignment flaw where any authenticated user with edit permissions can reassign a custom template to any workspace by guessing or enumerating the workspace UUID. This allows for unauthorized modification or theft of custom LLM flow configurations.
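The following is an added illustration of the mass assignment pattern described above, placed beside the hardened form of the same handler. It is not Flowise code: the in-memory store, the field names, the permission string and the template ids are constructed for this example.

```javascript
// Added illustration of the mass assignment pattern; not Flowise code. The store,
// field names, permission string and ids below are constructed for this example.

// Constructed in-memory store standing in for the database: two workspaces, one template each.
function freshStore() {
  return new Map([
    ["t-1", { id: "t-1", workspaceId: "ws-A", name: "Support bot", flowData: "{}" }],
    ["t-2", { id: "t-2", workspaceId: "ws-B", name: "Contract summarizer", flowData: "{}" }],
  ]);
}

// Vulnerable pattern: the handler checks that the caller may edit templates, then copies
// every request-body field onto the record. Because workspaceId is among those fields,
// an editor in ws-A who submits { workspaceId: "ws-A" } for t-2 pulls it out of ws-B.
function updateTemplateVulnerable(store, session, templateId, body) {
  const template = store.get(templateId);
  if (!template) return { status: 404 };
  if (!session.permissions.includes("templates:update")) return { status: 403 };
  Object.assign(template, body); // mass assignment: the ownership field is client-controlled
  return { status: 200, template };
}

// Hardened pattern:
//  1. the lookup is scoped to the caller's workspace, so a template owned elsewhere is
//     indistinguishable from a missing one (404, which does not confirm a guessed id);
//  2. only an explicit allowlist of editable fields is copied, and any other key is rejected
//     rather than silently dropped, so a client sending workspaceId gets a visible error;
//  3. ownership is always taken from the authenticated session, never from the body.
const EDITABLE_FIELDS = ["name", "flowData"];

function updateTemplateHardened(store, session, templateId, body) {
  const template = store.get(templateId);
  if (!template || template.workspaceId !== session.workspaceId) return { status: 404 };
  if (!session.permissions.includes("templates:update")) return { status: 403 };
  const rejected = Object.keys(body).filter((key) => !EDITABLE_FIELDS.includes(key));
  if (rejected.length > 0) {
    return { status: 400, error: `fields not editable: ${rejected.join(", ")}` };
  }
  for (const key of EDITABLE_FIELDS) {
    if (key in body) template[key] = body[key];
  }
  template.workspaceId = session.workspaceId; // ownership comes from the authenticated context
  return { status: 200, template };
}

// Stand-alone demonstration: the same cross-workspace request against both handlers.
function demo() {
  const editorInA = { workspaceId: "ws-A", permissions: ["templates:update"] };
  const vulnerableStore = freshStore();
  const vulnerable = updateTemplateVulnerable(vulnerableStore, editorInA, "t-2", { workspaceId: "ws-A" });
  const hardenedStore = freshStore();
  const hardened = updateTemplateHardened(hardenedStore, editorInA, "t-2", { workspaceId: "ws-A" });
  return {
    vulnerableStatus: vulnerable.status,
    vulnerableOwner: vulnerableStore.get("t-2").workspaceId, // "ws-A": template hijacked
    hardenedStatus: hardened.status,
    hardenedOwner: hardenedStore.get("t-2").workspaceId, // "ws-B": ownership unchanged
  };
}
```

The design choice worth noting is the scoped lookup in step 1: a permission check alone ("may this user edit templates?") is not an ownership check, and the fix needs both. Returning 400 for unknown fields rather than ignoring them makes any client that still sends an ownership field show up in the error logs, which is also what the monitoring guidance below depends on.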

Business impact

With a CVSS score of 8.8, this vulnerability poses a significant risk to the integrity of AI-driven business processes. Unauthorized access to custom LLM templates can lead to the exposure of sensitive logic, intellectual property theft, or the injection of malicious prompts into corporate workflows.

Remediation

Immediate Action: Upgrade Flowise to version 3.1.2 or later to address the mass assignment vulnerability.

Proactive Monitoring: Review access logs for unusual workspace modification requests or unauthorized enumeration of UUIDs.

Compensating Controls: Implement strict access control policies and ensure that workspace identifiers are not exposed in client-side responses or predictable formats.

Exploitation status

Public Exploit Available: true

Analyst recommendation

The combination of a mass assignment flaw and a public exploit makes this a critical security concern. Organizations should update their Flowise installations immediately and audit existing workspace configurations to ensure no templates have been subject to unauthorized reassignment.
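As an added example covering both the monitoring advice under Remediation and the audit recommended above, the block below runs two checks: a scan of request logs for writes that carry a client-supplied workspace identifier and for bursts of 404s consistent with id guessing, and a comparison of a pre-upgrade snapshot of template ownership against the current table. It is not Flowise code and assumes a log format of one JSON object per request that records the names (not values) of body fields; the path prefixes, field names, user ids and log lines are constructed placeholders.

```javascript
// Added example, not Flowise code. Assumes (1) one JSON object per request with the fields
// shown in SAMPLE_LOG, recording the names of body fields rather than their values, and
// (2) a snapshot of (template id, workspaceId) taken before the upgrade. Path prefixes,
// field names, ids and the log lines themselves are constructed placeholders.

const SAMPLE_LOG = [
  '{"ts":"2026-01-01T10:00:00Z","user":"u-17","sessionWorkspace":"ws-A","method":"GET","path":"/api/v1/workspaces/1a2b","status":404}',
  '{"ts":"2026-01-01T10:00:01Z","user":"u-17","sessionWorkspace":"ws-A","method":"GET","path":"/api/v1/workspaces/1a2c","status":404}',
  '{"ts":"2026-01-01T10:00:02Z","user":"u-17","sessionWorkspace":"ws-A","method":"GET","path":"/api/v1/workspaces/1a2d","status":404}',
  '{"ts":"2026-01-01T10:00:03Z","user":"u-17","sessionWorkspace":"ws-A","method":"GET","path":"/api/v1/workspaces/1a2e","status":404}',
  '{"ts":"2026-01-01T10:00:04Z","user":"u-17","sessionWorkspace":"ws-A","method":"GET","path":"/api/v1/workspaces/1a2f","status":404}',
  '{"ts":"2026-01-01T10:00:09Z","user":"u-17","sessionWorkspace":"ws-A","method":"PUT","path":"/api/v1/templates/t-2","bodyFields":["name","workspaceId"],"status":200}',
  '{"ts":"2026-01-01T10:01:00Z","user":"u-03","sessionWorkspace":"ws-B","method":"PUT","path":"/api/v1/templates/t-9","bodyFields":["name"],"status":200}',
].join("\n");

const TEMPLATE_PATH = "/api/v1/templates/";
const MONITORED_PREFIXES = [TEMPLATE_PATH, "/api/v1/workspaces/"];
const WRITE_METHODS = new Set(["POST", "PUT", "PATCH"]);

function parseLog(text) {
  return text.split("\n").filter((line) => line.trim() !== "").map((line) => JSON.parse(line));
}

function findSuspiciousTemplateActivity(events, notFoundThreshold = 5) {
  const findings = [];
  const notFoundByUser = new Map();
  for (const e of events) {
    if (!MONITORED_PREFIXES.some((prefix) => e.path.startsWith(prefix))) continue;
    // Signal 1: a template write whose body carries the ownership field. A legitimate client
    // never sends workspaceId, so its presence is worth a ticket whatever the status code.
    if (e.path.startsWith(TEMPLATE_PATH) && WRITE_METHODS.has(e.method)
        && (e.bodyFields || []).includes("workspaceId")) {
      findings.push({ kind: "client-supplied-workspace-id", user: e.user, path: e.path, status: e.status });
    }
    // Signal 2: many 404s from one user on workspace/template endpoints, consistent with guessing ids.
    if (e.status === 404) notFoundByUser.set(e.user, (notFoundByUser.get(e.user) || 0) + 1);
  }
  for (const [user, count] of notFoundByUser) {
    if (count >= notFoundThreshold) findings.push({ kind: "id-enumeration", user, notFound: count });
  }
  return findings;
}

// Post-upgrade audit: compare a pre-incident snapshot of template ownership with the current
// table and list every template whose owning workspace changed.
function findReassignedTemplates(before, after) {
  const previous = new Map(before.map((t) => [t.id, t.workspaceId]));
  return after
    .filter((t) => previous.has(t.id) && previous.get(t.id) !== t.workspaceId)
    .map((t) => ({ id: t.id, from: previous.get(t.id), to: t.workspaceId }));
}

// Constructed snapshots for the demonstration: t-2 has moved from ws-B to ws-A.
const SNAPSHOT_BEFORE = [{ id: "t-2", workspaceId: "ws-B" }, { id: "t-9", workspaceId: "ws-B" }];
const SNAPSHOT_AFTER = [{ id: "t-2", workspaceId: "ws-A" }, { id: "t-9", workspaceId: "ws-B" }];
```

Logging body field names rather than values keeps prompts and API keys out of the access log while still making the ownership field visible to the first check; the second check's threshold should be tuned to the deployment's normal 404 rate. The snapshot comparison is only as good as the snapshot's age, so it pairs with the first check to cover the window in between.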