CYBERHAWK / CVE / CVE-2026-46442

CVE-2026-46442

CRITICAL CVSS 9.9 other

The flaw

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitra

What to do

Review advisory and patch per vendor guidance.

▸ Scan my repo for CVE-2026-46442

References

NVD CISA KEV OSV GitHub Advisory MITRE News search

First seen 2026-06-12 · Tracked by PickBits CyberHawk · Weekly CVE digest

← All CVEs RSS Scheduled audits