CWE-639
AllowedAuthorization Bypass Through User-Controlled Key
Abstraction: Base · Status: Incomplete
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
3221 vulnerabilities reference this CWE, most recent first.
GHSA-5VHP-6MVG-GG49
Vulnerability from github – Published: 2024-12-03 12:31 – Updated: 2024-12-03 12:31The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.
{
"affected": [],
"aliases": [
"CVE-2024-12062"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-03T10:15:05Z",
"severity": "MODERATE"
},
"details": "The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the \u0027nacharity_elementor_template\u0027 shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to.",
"id": "GHSA-5vhp-6mvg-gg49",
"modified": "2024-12-03T12:31:11Z",
"published": "2024-12-03T12:31:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12062"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/charity-addon-for-elementor/trunk/elementor/lib/lib.php#L12"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ac68314-c704-4273-addc-4bc623659769?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5VM9-7R3M-24R6
Vulnerability from github – Published: 2025-04-12 09:30 – Updated: 2025-04-12 09:30The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() due to missing validation on the 'membership_id' user controlled key. This makes it possible for unauthenticated attackers to update any user's membership to any other active or non-active membership type.
{
"affected": [],
"aliases": [
"CVE-2025-3282"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-12T07:15:27Z",
"severity": "MODERATE"
},
"details": "The User Registration \u0026 Membership \u2013 Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() due to missing validation on the \u0027membership_id\u0027 user controlled key. This makes it possible for unauthenticated attackers to update any user\u0027s membership to any other active or non-active membership type.",
"id": "GHSA-5vm9-7r3m-24r6",
"modified": "2025-04-12T09:30:30Z",
"published": "2025-04-12T09:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3282"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3268617/user-registration/trunk/modules/membership/includes/AJAX.php"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c525b41c-dca5-442a-927e-4583cb303ed1?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5VMW-2M2G-FJ7W
Vulnerability from github – Published: 2026-05-04 18:30 – Updated: 2026-05-13 18:30Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier contain an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enumerate and retrieve all customer order records. Attackers can iterate over sequential WordPress post IDs through the scan_qr.php endpoint to harvest the complete set of orders stored in the database without requiring authentication or prior knowledge of specific order identifiers. This plugin was officially closed as of 2026-03-18.
{
"affected": [],
"aliases": [
"CVE-2026-41471"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-04T18:16:29Z",
"severity": "HIGH"
},
"details": "Easy PayPal Events \u0026 Tickets plugin for WordPress versions 1.3 and earlier contain an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enumerate and retrieve all customer order records. Attackers can iterate over sequential WordPress post IDs through the scan_qr.php endpoint to harvest the complete set of orders stored in the database without requiring authentication or prior knowledge of specific order identifiers. This plugin was officially closed as of 2026-03-18.",
"id": "GHSA-5vmw-2m2g-fj7w",
"modified": "2026-05-13T18:30:33Z",
"published": "2026-05-04T18:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41471"
},
{
"type": "WEB",
"url": "https://gist.github.com/4lec4st/9fd04b4bfadb3f7e388f61588f5f2564"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/easy-paypal-events-tickets"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/easy-paypal-events-tickets/#developers"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/easy-paypal-events-tickets-information-disclosure-via-qr-code-endpoint"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5VPR-GFJ6-PWH2
Vulnerability from github – Published: 2022-09-27 00:00 – Updated: 2022-09-29 00:00The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations.
{
"affected": [],
"aliases": [
"CVE-2022-1613"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-09-26T13:15:00Z",
"severity": "MODERATE"
},
"details": "The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor\u0027s IP from certain HTTP headers over PHP\u0027s REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations.",
"id": "GHSA-5vpr-gfj6-pwh2",
"modified": "2022-09-29T00:00:24Z",
"published": "2022-09-27T00:00:21Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1613"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/c03863ef-9ac9-402b-8f8d-9559c9988e2b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5VW8-R55W-F4Q4
Vulnerability from github – Published: 2022-05-24 19:12 – Updated: 2025-11-07 23:18Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the V1/customers/me endpoint to achieve information exposure and privilege escalation.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "magento/project-community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.7-p1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"versions": [
"2.3.7"
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"ranges": [
{
"events": [
{
"introduced": "2.4.2-p1"
},
{
"fixed": "2.4.2-p2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "magento/community-edition"
},
"versions": [
"2.4.2"
]
}
],
"aliases": [
"CVE-2021-36032"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-07T23:18:53Z",
"nvd_published_at": "2021-09-01T15:15:00Z",
"severity": "HIGH"
},
"details": "Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability. An authenticated attacker can trigger an insecure direct object reference in the `V1/customers/me` endpoint to achieve information exposure and privilege escalation.",
"id": "GHSA-5vw8-r55w-f4q4",
"modified": "2025-11-07T23:18:53Z",
"published": "2022-05-24T19:12:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36032"
},
{
"type": "PACKAGE",
"url": "https://github.com/magento/magento2"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/magento/apsb21-64.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Magento is affected by an improper input validation vulnerability"
}
GHSA-5WQV-FHMR-PJGH
Vulnerability from github – Published: 2026-06-17 21:34 – Updated: 2026-06-17 21:34Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles via GET /api/session?session_id=&messages=1 to retrieve unauthorized conversation transcripts and metadata.
{
"affected": [],
"aliases": [
"CVE-2026-55197"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-17T19:18:13Z",
"severity": "HIGH"
},
"details": "Hermes WebUI before 0.51.443 contains a broken access control vulnerability in the /api/session endpoint that allows authenticated users to disclose cross-profile session transcripts. Attackers can bypass profile boundary checks by directly querying session IDs belonging to other profiles via GET /api/session?session_id=\u003cforeign_id\u003e\u0026messages=1 to retrieve unauthorized conversation transcripts and metadata.",
"id": "GHSA-5wqv-fhmr-pjgh",
"modified": "2026-06-17T21:34:38Z",
"published": "2026-06-17T21:34:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-55197"
},
{
"type": "WEB",
"url": "https://github.com/nesquena/hermes-webui/pull/3982"
},
{
"type": "WEB",
"url": "https://github.com/nesquena/hermes-webui/pull/4269"
},
{
"type": "WEB",
"url": "https://github.com/nesquena/hermes-webui/commit/2a3baa71b81ca92da8ece8616a09f15894beec71"
},
{
"type": "WEB",
"url": "https://github.com/nesquena/hermes-webui/releases/tag/v0.51.443"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/hermes-webui-broken-access-control-in-api-session-endpoint"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5WW4-669R-5XH7
Vulnerability from github – Published: 2025-09-08 21:31 – Updated: 2025-09-08 21:31The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.4.8. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.
{
"affected": [],
"aliases": [
"CVE-2025-9114"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-08T19:15:38Z",
"severity": "CRITICAL"
},
"details": "The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.4.8. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.",
"id": "GHSA-5ww4-669r-5xh7",
"modified": "2025-09-08T21:31:00Z",
"published": "2025-09-08T21:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9114"
},
{
"type": "WEB",
"url": "https://themeforest.net/item/doccure-medical-wordpress-theme/34329202"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8f8b1d8f-b2b6-415c-91f2-e5b98048258d?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5WW9-JG6Q-38R7
Vulnerability from github – Published: 2026-06-12 21:00 – Updated: 2026-06-12 21:00Summary
A low-privileged authenticated user of filebrowser (with create + delete permissions in their own isolated scope) can silently destroy share-link records belonging to any other user — including the administrator — by performing a legitimate DELETE on a file in their own directory whose logical path happens to be a byte-prefix of another user's stored share.Link.Path. The file contents of the victim are not exposed, but the victim's share links are irrevocably wiped.
Details
resourceDeleteHandler in http/resource.go cleans up any share records that reference a deleted file by calling:
// http/resource.go
err = d.store.Share.DeleteWithPathPrefix(file.Path)
file.Path here is the logical path from the URL of the deleting user's request (e.g. /a), not the absolute filesystem path. It is passed as-is to the bolt backend:
// storage/bolt/share.go
func (s shareBackend) DeleteWithPathPrefix(pathPrefix string) error {
var links []share.Link
if err := s.db.Prefix("Path", pathPrefix, &links); err != nil {
return err
}
for _, link := range links {
err = errors.Join(err, s.db.DeleteStruct(&share.Link{Hash: link.Hash}))
}
return err
}
Why the design contradicts this behavior. share.Link carries a UserID field and the application elsewhere treats shares as per-user owned resources. shareDeleteHandler explicitly enforces link.UserID != d.user.ID && !d.user.Perm.Admin → 403. The file-deletion side-effect path is the only location that bypasses this rule.
Impact
- Integrity: unauthorized deletion of share-link metadata belonging to arbitrary users, including administrators.
- Availability: effective denial-of-service of the share-link feature — a cooperating (or malicious) low-priv user can wipe the bulk of existing share links by iterating a short set of one- and two-character prefixes.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/filebrowser/filebrowser"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.11.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.63.5"
},
"package": {
"ecosystem": "Go",
"name": "github.com/filebrowser/filebrowser/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.63.6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54097"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-12T21:00:55Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\nA low-privileged authenticated user of filebrowser (with `create` + `delete` permissions in their own isolated scope) can silently destroy share-link records belonging to any other user \u2014 including the administrator \u2014 by performing a legitimate DELETE on a file in their own directory whose logical path happens to be a byte-prefix of another user\u0027s stored `share.Link.Path`. The file contents of the victim are not exposed, but the victim\u0027s share links are irrevocably wiped.\n\n### Details\n`resourceDeleteHandler` in `http/resource.go` cleans up any share records that reference a deleted file by calling:\n\n```go\n// http/resource.go\nerr = d.store.Share.DeleteWithPathPrefix(file.Path)\n```\n\n`file.Path` here is the *logical* path from the URL of the deleting user\u0027s request (e.g. `/a`), not the absolute filesystem path. It is passed as-is to the bolt backend:\n\n```go\n// storage/bolt/share.go\nfunc (s shareBackend) DeleteWithPathPrefix(pathPrefix string) error {\n var links []share.Link\n if err := s.db.Prefix(\"Path\", pathPrefix, \u0026links); err != nil {\n return err\n }\n for _, link := range links {\n err = errors.Join(err, s.db.DeleteStruct(\u0026share.Link{Hash: link.Hash}))\n }\n return err\n}\n```\n**Why the design contradicts this behavior.** `share.Link` carries a `UserID` field and the application elsewhere treats shares as per-user owned resources. `shareDeleteHandler` explicitly enforces `link.UserID != d.user.ID \u0026\u0026 !d.user.Perm.Admin \u2192 403`. The file-deletion side-effect path is the only location that bypasses this rule.\n\n\n\n### Impact\n- Integrity: unauthorized deletion of share-link metadata belonging to arbitrary users, including administrators.\n- Availability: effective denial-of-service of the share-link feature \u2014 a cooperating (or malicious) low-priv user can wipe the bulk of existing share links by iterating a short set of one- and two-character prefixes.",
"id": "GHSA-5ww9-jg6q-38r7",
"modified": "2026-06-12T21:00:55Z",
"published": "2026-06-12T21:00:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/filebrowser/filebrowser/security/advisories/GHSA-5ww9-jg6q-38r7"
},
{
"type": "WEB",
"url": "https://github.com/filebrowser/filebrowser/commit/0231b7ebdfbe77a6c54027d30c4856c3fd81ee4d"
},
{
"type": "PACKAGE",
"url": "https://github.com/filebrowser/filebrowser"
},
{
"type": "WEB",
"url": "https://github.com/filebrowser/filebrowser/releases/tag/v2.63.6"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix"
}
GHSA-5WXC-3JFW-W94P
Vulnerability from github – Published: 2025-09-11 18:35 – Updated: 2025-12-20 02:57An Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to access, create, edit, relate data/object entries/definitions to an object in a different virtual instance.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.liferay:com.liferay.object.service"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.197"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-43790"
],
"database_specific": {
"cwe_ids": [
"CWE-639"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-12T19:49:10Z",
"nvd_published_at": "2025-09-11T18:15:34Z",
"severity": "HIGH"
},
"details": "An Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to access, create, edit, relate data/object entries/definitions to an object in a different virtual instance.",
"id": "GHSA-5wxc-3jfw-w94p",
"modified": "2025-12-20T02:57:24Z",
"published": "2025-09-11T18:35:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-43790"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal/commit/66b9a7dc4d40a10dec03e169ca8735add81e9bd9"
},
{
"type": "WEB",
"url": "https://github.com/liferay/liferay-portal"
},
{
"type": "WEB",
"url": "https://liferay.atlassian.net/browse/LPE-18065"
},
{
"type": "WEB",
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-43790"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Liferay Portal is vulnerable to Insecure Direct Object Reference (IDOR) attack through Authentication Bypass"
}
GHSA-5WXP-QJGQ-FX6M
Vulnerability from github – Published: 2026-05-14 14:54 – Updated: 2026-06-09 13:10Summary
A Mass Assignment vulnerability exists in the chatflow update endpoint of FlowiseAI.
The endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object.
Due to missing server-side validation and authorization checks, an authenticated user can manipulate internal attributes of a chatflow and reassign it to another workspace. This allows cross-workspace resource reassignment and unauthorized modification of deployment and visibility settings.
Details
The endpoint responsible for updating chatflows:
PUT /api/v1/chatflows/{chatflowId}
accepts a JSON request body containing the chatflow configuration (flowData) along with other metadata fields.
However, the server does not restrict which properties may be modified by the client. As a result, user-controlled request bodies can include additional fields that should normally be controlled only by the backend.
Examples of server-controlled fields that can be manipulated include:
- deployed
- isPublic
- workspaceId
- createdDate
- updatedDate
- category
- type
These fields appear to be directly mapped to the underlying database entity when processing the update request, suggesting that the server performs a direct merge of the request body into the chatflow model without applying a strict DTO whitelist or authorization checks.
For example, modifying the request body with:
{
"deployed": true,
"isPublic": true,
"createdDate": "1999-03-06T10:59:32.000Z",
"updatedDate": "1999-03-06T13:21:34.000Z",
"workspaceId": "11111111-2222-3333-4444-555555555555"
}
results in the server accepting and persisting these values.
In testing, a second workspace was created in the database and the workspaceId field was successfully modified through the API request. The chatflow was reassigned to the attacker-controlled workspace, confirming that the application does not enforce workspace ownership validation.
PoC
Authenticate to the Flowise interface.
Capture the request used to update a chatflow:
PUT /api/v1/chatflows/<CHATFLOW_ID>
Content-Type: application/json
Modify the request body by injecting additional fields:
{
"name": "test-flow",
"flowData": "{...}",
"deployed": true,
"isPublic": true,
"workspaceId": "11111111-2222-3333-4444-555555555555"
}
Send the request.
Observe that the response returns the manipulated values:
{
"deployed": true,
"isPublic": true,
"workspaceId": "11111111-2222-3333-4444-555555555555"
}
Verify in the database that the chatflow has been reassigned:
SELECT id, workspaceId FROM chat_flow WHERE id='<CHATFLOW_ID>';
The workspaceId value reflects the attacker-supplied workspace.
Impact
This vulnerability allows authenticated users to manipulate server-controlled attributes of chatflows.
Confirmed impacts include:
- Unauthorized modification of chatflow visibility (isPublic)
- Unauthorized deployment state changes (deployed)
- Cross-workspace reassignment of chatflows (workspaceId)
- Unauthorized modification of metadata (createdDate, updatedDate)
In multi-tenant environments, this allows an attacker to move chatflows between workspaces without authorization, breaking tenant isolation boundaries.
This may enable:
- Cross-workspace workflow takeover
- Unauthorized exposure of private workflows
- Manipulation of deployed agent workflows
The issue stems from missing authorization checks and improper handling of client-controlled input in the chatflow update endpoint.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 3.1.1"
},
"package": {
"ecosystem": "npm",
"name": "flowise"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42863"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-639",
"CWE-915"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-14T14:54:28Z",
"nvd_published_at": "2026-06-08T16:16:39Z",
"severity": "HIGH"
},
"details": "### Summary\nA Mass Assignment vulnerability exists in the chatflow update endpoint of FlowiseAI.\n\nThe endpoint allows clients to modify server-controlled properties such as deployed, isPublic, workspaceId, createdDate, and updatedDate when updating a chatflow object.\n\nDue to missing server-side validation and authorization checks, an authenticated user can manipulate internal attributes of a chatflow and reassign it to another workspace. This allows cross-workspace resource reassignment and unauthorized modification of deployment and visibility settings.\n\n### Details\nThe endpoint responsible for updating chatflows:\n\n**PUT /api/v1/chatflows/{chatflowId}**\n\naccepts a JSON request body containing the chatflow configuration (flowData) along with other metadata fields.\n\nHowever, the server does not restrict which properties may be modified by the client. As a result, user-controlled request bodies can include additional fields that should normally be controlled only by the backend.\n\nExamples of server-controlled fields that can be manipulated include:\n\n1. deployed\n2. isPublic\n3. workspaceId\n4. createdDate\n5. updatedDate\n6. category\n7. type\n\nThese fields appear to be directly mapped to the underlying database entity when processing the update request, suggesting that the server performs a direct merge of the request body into the chatflow model without applying a strict DTO whitelist or authorization checks.\n\nFor example, modifying the request body with:\n\n```json\n{\n \"deployed\": true,\n \"isPublic\": true,\n \"createdDate\": \"1999-03-06T10:59:32.000Z\",\n \"updatedDate\": \"1999-03-06T13:21:34.000Z\",\n \"workspaceId\": \"11111111-2222-3333-4444-555555555555\"\n}\n```\n\nresults in the server accepting and persisting these values.\n\nIn testing, a second workspace was created in the database and the workspaceId field was successfully modified through the API request. The chatflow was reassigned to the attacker-controlled workspace, confirming that the application does not enforce workspace ownership validation.\n\n\n### PoC\nAuthenticate to the Flowise interface.\n\nCapture the request used to update a chatflow:\n\n```http\nPUT /api/v1/chatflows/\u003cCHATFLOW_ID\u003e\nContent-Type: application/json\n\nModify the request body by injecting additional fields:\n\n{\n \"name\": \"test-flow\",\n \"flowData\": \"{...}\",\n \"deployed\": true,\n \"isPublic\": true,\n \"workspaceId\": \"11111111-2222-3333-4444-555555555555\"\n}\n```\n\nSend the request.\n\nObserve that the response returns the manipulated values:\n\n```json\n{\n \"deployed\": true,\n \"isPublic\": true,\n \"workspaceId\": \"11111111-2222-3333-4444-555555555555\"\n}\n```\n\nVerify in the database that the chatflow has been reassigned:\n\n```sql\nSELECT id, workspaceId FROM chat_flow WHERE id=\u0027\u003cCHATFLOW_ID\u003e\u0027;\n```\n\nThe workspaceId value reflects the attacker-supplied workspace.\n\n### Impact\nThis vulnerability allows authenticated users to manipulate server-controlled attributes of chatflows.\n\nConfirmed impacts include:\n\n- Unauthorized modification of chatflow visibility (isPublic)\n- Unauthorized deployment state changes (deployed)\n- Cross-workspace reassignment of chatflows (workspaceId)\n- Unauthorized modification of metadata (createdDate, updatedDate)\n\nIn multi-tenant environments, this allows an attacker to move chatflows between workspaces without authorization, breaking tenant isolation boundaries.\n\nThis may enable:\n\n- Cross-workspace workflow takeover\n- Unauthorized exposure of private workflows\n- Manipulation of deployed agent workflows\n\nThe issue stems from missing authorization checks and improper handling of client-controlled input in the chatflow update endpoint.",
"id": "GHSA-5wxp-qjgq-fx6m",
"modified": "2026-06-09T13:10:02Z",
"published": "2026-05-14T14:54:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-5wxp-qjgq-fx6m"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42863"
},
{
"type": "PACKAGE",
"url": "https://github.com/FlowiseAI/Flowise"
},
{
"type": "WEB",
"url": "https://github.com/FlowiseAI/Flowise/releases/tag/flowise%403.1.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "FlowiseAI has Mass Assignment in Chatflow Update Endpoint that Allows Cross-Workspace AgentFlow Reassignment"
}
Mitigation
For each and every data access, ensure that the user has sufficient privilege to access the record that is being requested.
Mitigation
Make sure that the key that is used in the lookup of a specific user's record is not controllable externally by the user or that any tampering can be detected.
Mitigation
Use encryption in order to make it more difficult to guess other legitimate values of the key or associate a digital signature with the key so that the server can verify that there has been no tampering.
No CAPEC attack patterns related to this CWE.