CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3234 vulnerabilities reference this CWE, most recent first.
GHSA-3J7V-FHJG-6RH2
Vulnerability from github – Published: 2026-07-15 12:32 – Updated: 2026-07-15 12:32n8n before 2.28.1 contains an information disclosure vulnerability where external secrets are incorrectly resolved in workflow node expressions outside credentials scope. Authenticated project editors can read plaintext external secret values by referencing them in node expressions without requiring explicit secrets access permissions.
{
"affected": [],
"aliases": [
"CVE-2026-59254"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-15T12:18:17Z",
"severity": "MODERATE"
},
"details": "n8n before 2.28.1 contains an information disclosure vulnerability where external secrets are incorrectly resolved in workflow node expressions outside credentials scope. Authenticated project editors can read plaintext external secret values by referencing them in node expressions without requiring explicit secrets access permissions.",
"id": "GHSA-3j7v-fhjg-6rh2",
"modified": "2026-07-15T12:32:03Z",
"published": "2026-07-15T12:32:03Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/n8n-io/n8n/security/advisories/GHSA-2434-3x6q-8r99"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-59254"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/n8n-external-secrets-disclosure-via-workflow-node-expressions"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3J8F-XVM3-FFX4
Vulnerability from github – Published: 2022-06-29 00:00 – Updated: 2022-07-08 17:05Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "parse-path"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-0624"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-05T22:13:37Z",
"nvd_published_at": "2022-06-28T09:15:00Z",
"severity": "HIGH"
},
"details": "Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0.",
"id": "GHSA-3j8f-xvm3-ffx4",
"modified": "2022-07-08T17:05:50Z",
"published": "2022-06-29T00:00:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0624"
},
{
"type": "WEB",
"url": "https://github.com/ionicabizau/parse-path/commit/f9ad8856a3c8ae18e1cf4caef5edbabbc42840e8"
},
{
"type": "PACKAGE",
"url": "https://github.com/ionicabizau/parse-path"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/afffb2bd-fb06-4144-829e-ecbbcbc85388"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Authorization Bypass in parse-path"
}
GHSA-3JQH-85C5-QCRG
Vulnerability from github – Published: 2025-02-18 03:31 – Updated: 2025-02-18 03:31The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read private conversations of other users.
{
"affected": [],
"aliases": [
"CVE-2024-13740"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-18T03:15:10Z",
"severity": "MODERATE"
},
"details": "The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.9.4.2 via the pm_messenger_show_messages function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read private conversations of other users.",
"id": "GHSA-3jqh-85c5-qcrg",
"modified": "2025-02-18T03:31:05Z",
"published": "2025-02-18T03:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13740"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/tags/5.9.4.2/public/class-profile-magic-public.php#L1299"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c2a1b1a4-df72-4666-b116-882af4cd5796?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-3JVH-PGP8-6866
Vulnerability from github – Published: 2024-05-14 18:30 – Updated: 2025-02-20 18:31A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manage_user.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263938 is the identifier assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2024-4817"
],
"database_specific": {
"cwe_ids": [
"CWE-639",
"CWE-99"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-14T15:45:08Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file manage_user.php of the component HTTP Request Parameter Handler. The manipulation of the argument id leads to improper control of resource identifiers. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-263938 is the identifier assigned to this vulnerability.",
"id": "GHSA-3jvh-pgp8-6866",
"modified": "2025-02-20T18:31:15Z",
"published": "2024-05-14T18:30:57Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4817"
},
{
"type": "WEB",
"url": "https://github.com/yylmm/CVE/blob/main/Online%20Laundry%20Management%20System/IDOR_manage_user.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.263938"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.263938"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.333055"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-3MM3-WFPV-Q85G
Vulnerability from github – Published: 2025-11-20 21:30 – Updated: 2025-11-21 00:38An issue was discovered in Clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@clerk/clerk-js"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.88.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-63700"
],
"database_specific": {
"cwe_ids": [
"CWE-290",
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-21T00:38:59Z",
"nvd_published_at": "2025-11-20T19:16:21Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in Clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage.",
"id": "GHSA-3mm3-wfpv-q85g",
"modified": "2025-11-21T00:38:59Z",
"published": "2025-11-20T21:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-63700"
},
{
"type": "WEB",
"url": "https://clerk.com"
},
{
"type": "PACKAGE",
"url": "https://github.com/clerk/javascript"
},
{
"type": "WEB",
"url": "https://github.com/itsnishat08/CVE-2025-63700"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Clerk-js vulnerable to bypass of OAuth authentication flow by manipulating request at OTP verification stage"
}
GHSA-3MPF-FHF9-62MX
Vulnerability from github – Published: 2025-06-26 21:31 – Updated: 2025-06-26 21:31An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password.
{
"affected": [],
"aliases": [
"CVE-2025-3091"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-24T09:15:25Z",
"severity": "HIGH"
},
"details": "An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password.",
"id": "GHSA-3mpf-fhf9-62mx",
"modified": "2025-06-26T21:31:05Z",
"published": "2025-06-26T21:31:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3091"
},
{
"type": "WEB",
"url": "https://certvde.com/en/advisories/VDE-2025-035"
},
{
"type": "WEB",
"url": "https://certvde.com/en/advisories/VDE-2025-038"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3P7C-45PX-FV4V
Vulnerability from github – Published: 2025-09-22 21:30 – Updated: 2026-04-01 18:36Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS Academy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Academy LMS: from n/a through 3.3.4.
{
"affected": [],
"aliases": [
"CVE-2025-59562"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-22T19:16:24Z",
"severity": "MODERATE"
},
"details": "Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS Academy LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Academy LMS: from n/a through 3.3.4.",
"id": "GHSA-3p7c-45px-fv4v",
"modified": "2026-04-01T18:36:18Z",
"published": "2025-09-22T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59562"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/academy/vulnerability/wordpress-academy-lms-plugin-3-3-4-insecure-direct-object-references-idor-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-3P7X-94Q9-JQ9X
Vulnerability from github – Published: 2026-02-05 18:30 – Updated: 2026-02-05 21:43pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the \restrict key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using \unrestrict <key>. This results in reliable command execution on the pgAdmin host during the restore operation.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pgadmin4"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "9.12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-1707"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-05T21:43:48Z",
"nvd_published_at": "2026-02-05T18:16:11Z",
"severity": "HIGH"
},
"details": "pgAdmin versions 9.11 are affected by a Restore restriction bypass via key disclosure vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. An attacker with access to the pgAdmin web interface can observe an active restore operation, extract the `\\restrict` key in real time, and race the restore process by overwriting the restore script with a payload that re-enables meta-commands using `\\unrestrict \u003ckey\u003e`. This results in reliable command execution on the pgAdmin host during the restore operation.",
"id": "GHSA-3p7x-94q9-jq9x",
"modified": "2026-02-05T21:43:48Z",
"published": "2026-02-05T18:30:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1707"
},
{
"type": "WEB",
"url": "https://github.com/pgadmin-org/pgadmin4/issues/9518"
},
{
"type": "WEB",
"url": "https://github.com/pgadmin-org/pgadmin4/commit/62e2d18b0261f88086db65059a6078db07169f18"
},
{
"type": "PACKAGE",
"url": "https://github.com/pgadmin-org/pgadmin4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "pgadmin4 affected by a Restore restriction bypass via key disclosure vulnerability"
}
GHSA-3PGC-7JF3-5X5G
Vulnerability from github – Published: 2022-05-24 16:52 – Updated: 2024-02-12 11:32An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.1"
},
{
"fixed": "2.1.18"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.2"
},
{
"fixed": "2.2.9"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.3"
},
{
"fixed": "2.3.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-7890"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2023-07-17T20:40:16Z",
"nvd_published_at": "2019-08-02T22:15:00Z",
"severity": "HIGH"
},
"details": "An Insecure Direct Object Reference (IDOR) vulnerability exists in the order processing workflow of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can lead to unauthorized access to order details.",
"id": "GHSA-3pgc-7jf3-5x5g",
"modified": "2024-02-12T11:32:11Z",
"published": "2022-05-24T16:52:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-7890"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/magento/product-community-edition/CVE-2019-7890.yaml"
},
{
"type": "WEB",
"url": "https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20220121051916/https://magento.com/security/patches/magento-2.3.2-2.2.9-and-2.1.18-security-update-23"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Magento 2 Community Edition IDOR Vulnerability"
}
GHSA-3PRP-9GF7-4RXX
Vulnerability from github – Published: 2026-04-17 21:34 – Updated: 2026-04-24 21:01Summary
A Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key (id) and internal state fields of DocumentStore entities.
Because the service uses repository.save() with a client-supplied primary key, the POST create endpoint behaves as an implicit UPSERT operation. This enables overwriting existing DocumentStore objects.
In multi-workspace or multi-tenant deployments, this can lead to cross-workspace object takeover and broken object-level authorization (IDOR), allowing an attacker to reassign or modify DocumentStore objects belonging to other workspaces.
Details
The DocumentStore entity defines a globally unique primary key:
@PrimaryGeneratedColumn('uuid')
id: string
The create logic is implemented as:
const documentStore = repo.create(newDocumentStore)
const dbResponse = await repo.save(documentStore)
Here is no DTO allowlist or field filtering before persistence. The entire request body is mapped directly to the entity. TypeORM save() behavior:
- If the primary key (id) exists → UPDATE
- If not → INSERT
Because id is accepted from the client, the create endpoint effectively functions as an UPSERT endpoint.
This allows an authenticated user to submit:
{
"id": "<existing_store_id>",
"name": "modified",
"description": "modified",
"status": "SYNC",
"embeddingConfig": "...",
"vectorStoreConfig": "...",
"recordManagerConfig": "..."
}
If a DocumentStore with the supplied id already exists, save() performs an UPDATE rather than creating a new record.
Importantly:
The primary key is globally unique (uuid) It is not composite with workspaceId The create path does not enforce ownership validation before calling save() This introduces a broken object-level authorization risk.
If an attacker can obtain or enumerate a valid DocumentStore UUID belonging to another workspace, they can: Submit a POST create request with that UUID. Trigger an UPDATE on the existing record. Potentially overwrite fields including workspaceId, effectively reassigning the object to their own workspace.
Because the service layer does not verify that the existing record belongs to the caller’s workspace before updating, this may result in cross-workspace object takeover.
Additionally, several service functions retrieve DocumentStore entities by id without consistently scoping by workspaceId, increasing the risk of IDOR if controller-level protections are bypassed or misconfigured.
PoC
- Create a normal DocumentStore in Workspace A.
- Capture its id from the API response.
- From Workspace B (or another authenticated context), submit:
POST /api/v1/document-store
Content-Type: application/json
{
"id": "<id_from_workspace_A>",
"name": "hijacked",
"description": "hijacked"
}
Because the service uses repository.save() with a client-supplied primary key:
- The existing record is updated.
- The object may become reassigned depending on how workspaceId is handled at controller level.
- If workspaceId is overwritten during the create flow, the store is effectively migrated to the attacker’s workspace.
- This demonstrates object takeover via UPSERT semantics on a create endpoint.
Impact
This vulnerability enables:
- Mass Assignment on server-managed fields
- Overwrite of existing objects via implicit UPSERT behavior
- Broken Object Level Authorization (BOLA)
- Potential cross-workspace object takeover in multi-tenant deployments
- In a SaaS or shared-workspace environment, an attacker who can obtain or guess a valid UUID may modify or reassign DocumentStore objects belonging to other tenants.
Because DocumentStore objects control embedding providers, vector store configuration, and record management logic, successful takeover can affect data indexing, retrieval, and AI workflow execution.
This represents a high-risk authorization flaw in multi-tenant environments.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.0.13"
},
"package": {
"ecosystem": "npm",
"name": "flowise"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-41277"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-639",
"CWE-915"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-17T21:34:16Z",
"nvd_published_at": "2026-04-23T20:16:16Z",
"severity": "HIGH"
},
"details": "### Summary\nA Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key (id) and internal state fields of DocumentStore entities.\n\nBecause the service uses repository.save() with a client-supplied primary key, the POST create endpoint behaves as an implicit UPSERT operation. This enables overwriting existing DocumentStore objects.\n\nIn multi-workspace or multi-tenant deployments, this can lead to cross-workspace object takeover and broken object-level authorization (IDOR), allowing an attacker to reassign or modify DocumentStore objects belonging to other workspaces.\n\n### Details\nThe DocumentStore entity defines a globally unique primary key:\n\n```typescript\n@PrimaryGeneratedColumn(\u0027uuid\u0027)\nid: string\n```\n\nThe create logic is implemented as:\n```typescript\nconst documentStore = repo.create(newDocumentStore)\nconst dbResponse = await repo.save(documentStore)\n```\n\nHere is no DTO allowlist or field filtering before persistence. The entire request body is mapped directly to the entity.\nTypeORM save() behavior:\n\n1. If the primary key (id) exists \u2192 UPDATE\n2. If not \u2192 INSERT\n\nBecause id is accepted from the client, the create endpoint effectively functions as an UPSERT endpoint.\n\nThis allows an authenticated user to submit:\n\n```json\n{\n \"id\": \"\u003cexisting_store_id\u003e\",\n \"name\": \"modified\",\n \"description\": \"modified\",\n \"status\": \"SYNC\",\n \"embeddingConfig\": \"...\",\n \"vectorStoreConfig\": \"...\",\n \"recordManagerConfig\": \"...\"\n}\n```\nIf a DocumentStore with the supplied id already exists, save() performs an UPDATE rather than creating a new record.\n\nImportantly:\n\nThe primary key is globally unique (uuid)\nIt is not composite with workspaceId\nThe create path does not enforce ownership validation before calling save()\nThis introduces a broken object-level authorization risk.\n\nIf an attacker can obtain or enumerate a valid DocumentStore UUID belonging to another workspace, they can:\nSubmit a POST create request with that UUID.\nTrigger an UPDATE on the existing record.\nPotentially overwrite fields including workspaceId, effectively reassigning the object to their own workspace.\n\nBecause the service layer does not verify that the existing record belongs to the caller\u2019s workspace before updating, this may result in cross-workspace object takeover.\n\nAdditionally, several service functions retrieve DocumentStore entities by id without consistently scoping by workspaceId, increasing the risk of IDOR if controller-level protections are bypassed or misconfigured.\n\n### PoC\n\n1. Create a normal DocumentStore in Workspace A.\n2. Capture its id from the API response.\n3. From Workspace B (or another authenticated context), submit:\n\n```http\nPOST /api/v1/document-store\nContent-Type: application/json\n\n{\n \"id\": \"\u003cid_from_workspace_A\u003e\",\n \"name\": \"hijacked\",\n \"description\": \"hijacked\"\n}\n```\n\nBecause the service uses repository.save() with a client-supplied primary key:\n\n- The existing record is updated.\n- The object may become reassigned depending on how workspaceId is handled at controller level.\n- If workspaceId is overwritten during the create flow, the store is effectively migrated to the attacker\u2019s workspace.\n- This demonstrates object takeover via UPSERT semantics on a create endpoint.\n\n### Impact\nThis vulnerability enables:\n\n- Mass Assignment on server-managed fields\n- Overwrite of existing objects via implicit UPSERT behavior\n- Broken Object Level Authorization (BOLA)\n- Potential cross-workspace object takeover in multi-tenant deployments\n- In a SaaS or shared-workspace environment, an attacker who can obtain or guess a valid UUID may modify or reassign DocumentStore objects belonging to other tenants.\n\nBecause DocumentStore objects control embedding providers, vector store configuration, and record management logic, successful takeover can affect data indexing, retrieval, and AI workflow execution.\n\nThis represents a high-risk authorization flaw in multi-tenant environments.",
"id": "GHSA-3prp-9gf7-4rxx",
"modified": "2026-04-24T21:01:04Z",
"published": "2026-04-17T21:34:16Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3prp-9gf7-4rxx"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41277"
},
{
"type": "PACKAGE",
"url": "https://github.com/FlowiseAI/Flowise"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR)"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.