VulnWatch VulnWatch
← Back to dashboard
High github · GHSA-hmg2-jjjx-jcp2

FlowiseAI: Vector Store No Permission Checks

Published May 14, 2026 CVSS 0.0

FINDING 4: OpenAI Assistants Vector Store - No Auth on CRUD Operations

Severity: HIGH (CVSS ~8.1) Type: CWE-306 (Missing Authentication for Critical Function) File: packages/server/src/routes/openai-assistants-vector-store/index.ts

Description: ALL CRUD endpoints for OpenAI Assistants Vector Store have no authentication middleware AND the route path /api/v1/openai-assistants-vector-store is NOT in WHITELIST_URLS. However, it is also NOT protected by the main auth middleware when accessed via API key — the route requires API key auth (not whitelisted), but NO permission checks exist on any operation.

The real issue is that the routes have no checkAnyPermission() middleware, meaning any authenticated user regardless of role can:

  • Create vector stores
  • Upload files to vector stores
  • Delete vector stores and files
  • Modify any vector store

Evidence:

// No permission middleware on any route
router.post('/', controller.createAssistantVectorStore)          // No permission check
router.put(['/', '/:id'], controller.updateAssistantVectorStore) // No permission check
router.delete(['/', '/:id'], controller.deleteAssistantVectorStore) // No permission check
router.post('/:id', getMulterStorage().array('files'), controller.uploadFilesToAssistantVectorStore) // No permission check

Impact: Any authenticated user can manipulate OpenAI vector stores, upload malicious files, delete data, or exfiltrate stored documents regardless of their assigned permissions.

Affected AI Products

openai
View original source
Get the weekly digest. Every Monday: top AI security stories of the week. Free.