CVE-2026-46444: FlowiseAI: Vector Store No Permission Checks
(updated )
FINDING 4: OpenAI Assistants Vector Store - No Auth on CRUD Operations
Severity: HIGH (CVSS ~8.1)
Type: CWE-306 (Missing Authentication for Critical Function)
File: packages/server/src/routes/openai-assistants-vector-store/index.ts
Description: ALL CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware AND the route path /api/v1/openai-assistants-vector-store is NOT in WHITELIST_URLS. However, it is also NOT protected by the main auth middleware when accessed via API key — the route requires API key auth (not whitelisted), but NO permission checks exist on any operation.
The real issue is that the routes have no checkAnyPermission() middleware, meaning any authenticated user regardless of role can:
- Create vector stores
- Upload files to vector stores
- Delete vector stores and files
- Modify any vector store
Evidence:
// No permission middleware on any route
router.post('/', controller.createAssistantVectorStore) // No permission check
router.put(['/', '/:id'], controller.updateAssistantVectorStore) // No permission check
router.delete(['/', '/:id'], controller.deleteAssistantVectorStore) // No permission check
router.post('/:id', getMulterStorage().array('files'), controller.uploadFilesToAssistantVectorStore) // No permission check
Impact: Any authenticated user can manipulate OpenAI vector stores, upload malicious files, delete data, or exfiltrate stored documents regardless of their assigned permissions.
References
Code Behaviors & Features
Detect and mitigate CVE-2026-46444 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →