Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover. This issue has been patched in version 3.1.2.
Casky was already ahead
This CVE exploits attack patterns that Casky's 0 matched skills already investigate — long before this vulnerability was disclosed. Claude's reasoning model maps these techniques to MITRE ATT&CK, so practitioners who ran these skills have already seen the threat behaviour in their findings.
Flowise versions prior to 3.1.2 contain a mass-assignment vulnerability in evaluator creation and update endpoints that allows attackers to modify evaluator objects beyond their intended scope. Mass-assignment vulnerabilities occur when applications bind user-supplied input directly to object properties without proper validation, enabling attackers to set unintended fields. In this case, threat actors can exploit the lack of workspace isolation checks to take over evaluators across different workspaces—potentially gaining unauthorized access to LLM flow configurations, evaluation results, and sensitive data belonging to other organizations. This vulnerability affects any organization running Flowise versions before 3.1.2 that operate multi-tenant or multi-workspace deployments, making it particularly critical for SaaS providers and enterprises managing multiple teams or customers on shared instances.
While this CVE is not currently mapped to specific MITRE ATT&CK techniques, Casky's 754 mapped security skills would help practitioners detect the attack patterns underlying mass-assignment exploitation. Practitioners using Casky would identify abnormal API behavior indicative of object property manipulation—specifically suspicious POST/PUT requests to evaluator endpoints that include unexpected field modifications or workspace-crossing object references. Extended reasoning capabilities would correlate API logs showing: (1) requests from low-privilege users modifying high-sensitivity evaluator fields, (2) changes to evaluator ownership or workspace associations that don't match the requester's authorization level, and (3) cross-workspace object access patterns that violate expected access control boundaries. Detection findings would highlight the absence of input validation on mass-assignable properties and recommend immediate patching to 3.1.2, plus implementation of explicit allowlists for permitted request fields and strict workspace isolation enforcement.
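To make the two patterns described above concrete, here is an added illustration (not Flowise's own code, and not the patched handler) of an evaluator update route written both ways: the mass-assignment form that copies every request field onto the record, and the hardened form with an explicit field allowlist plus a workspace-ownership check. The store, record shape, and caller object are hypothetical constructions for the example.

```typescript
// Hypothetical evaluator record and caller identity (constructed for this example).
type Evaluator = { id: string; workspaceId: string; name: string; config: string };
type Caller = { userId: string; workspaceId: string };
type Store = Record<string, Evaluator>;

// Constructed in-memory store: evaluator ev-1 belongs to workspace ws-A.
function makeStore(): Store {
  return { "ev-1": { id: "ev-1", workspaceId: "ws-A", name: "accuracy", config: "{}" } };
}

// Mass-assignment pattern: every key in the request body is bound onto the
// object, so a caller can rewrite workspaceId (or id) and reassign the record.
// There is also no check that the caller belongs to the record's workspace.
function updateEvaluatorUnsafe(
  store: Store, id: string, body: Record<string, unknown>,
): Evaluator | undefined {
  const ev = store[id];
  if (!ev) return undefined;
  Object.assign(ev, body);
  return ev;
}

// Only these fields may be changed through the update route.
const UPDATABLE_FIELDS = ["name", "config"] as const;

// Hardened pattern: the record must belong to the caller's workspace, and only
// allowlisted fields are copied; workspaceId, id and anything else are ignored.
function updateEvaluatorSafe(
  store: Store, caller: Caller, id: string, body: Record<string, unknown>,
): Evaluator | undefined {
  const ev = store[id];
  if (!ev || ev.workspaceId !== caller.workspaceId) return undefined; // cross-workspace: reject
  for (const field of UPDATABLE_FIELDS) {
    const value = body[field];
    if (typeof value === "string") ev[field] = value; // type-checked, allowlisted copy
  }
  return ev;
}
```

A body such as `{ "name": "x", "workspaceId": "ws-B" }` moves the evaluator into another workspace under the first handler and changes only `name` under the second.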
Casky has 0 skills that investigate the attack patterns behind CVE-2026-46480. Run one and get CVSS-scored findings in 3 minutes.