VulnWatch VulnWatch
← Back to dashboard
High github · GHSA-78pr-c5x5-jggc

FlowiseAI: Assistant create+update mass-assignment allows cross-workspace assistant takeover

Published May 14, 2026 CVSS 0.0

Summary

Type: Mass assignment via Object.assign(entity, body) -> client-controlled workspaceId (and on create, id) overwritten on the Assistant entity -> cross-workspace data takeover and IDOR. File: packages/server/src/services/assistants/index.ts Root cause: The Assistant controller/service constructs a new Assistant() and copies the request body into it via Object.assign(...) without an explicit field allowlist. The request body therefore can include workspaceId, id, createdDate, updatedDate. The server only rebinds some of these after the assign (e.g. on create, it overwrites workspaceId but not id; on update, it overwrites id but not workspaceId). The remaining client-controlled values land directly on the persisted row, breaking workspace isolation. Same root pattern as the assistant entity's sibling controllers and as DocumentStore before it was patched in commit 840d2ae.

Affected Code

File: packages/server/src/services/assistants/index.ts

// create (line 303) and update (line 381)
Object.assign(newAssistant, requestBody) //

Affected AI Products

llm
View original source
Get the weekly digest. Every Monday: top AI security stories of the week. Free.