CVE-2026-46477: FlowiseAI: Dataset create+update mass-assignment allows cross-workspace dataset takeover
(updated )
Type: Mass assignment via Object.assign(entity, body) -> client-controlled workspaceId (and on create, id) overwritten on the Dataset entity -> cross-workspace data takeover and IDOR.
File: packages/server/src/services/dataset/index.ts
Root cause: The Dataset controller/service constructs a new Dataset() and copies the request body into it via Object.assign(...) without an explicit field allowlist. The request body therefore can include workspaceId, id, createdDate, updatedDate. The server only rebinds some of these after the assign (e.g. on create, it overwrites workspaceId but not id; on update, it overwrites id but not workspaceId). The remaining client-controlled values land directly on the persisted row, breaking workspace isolation. Same root pattern as the dataset entity’s sibling controllers and as DocumentStore before it was patched in commit 840d2ae.
References
- github.com/FlowiseAI/Flowise/commit/49a2259bf2a6b4f3d4b50813cb5161cee0d40040
- github.com/FlowiseAI/Flowise/pull/6051
- github.com/FlowiseAI/Flowise/releases/tag/flowise%403.1.2
- github.com/FlowiseAI/Flowise/security/advisories/GHSA-5h9v-837x-m97r
- github.com/advisories/GHSA-5h9v-837x-m97r
- nvd.nist.gov/vuln/detail/CVE-2026-46477
Code Behaviors & Features
Detect and mitigate CVE-2026-46477 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →