GHSA-hmg2-jjjx-jcp2

Source
https://github.com/advisories/GHSA-hmg2-jjjx-jcp2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-hmg2-jjjx-jcp2/GHSA-hmg2-jjjx-jcp2.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hmg2-jjjx-jcp2
Aliases
  • CVE-2026-46444
Published
2026-05-14T16:19:23Z
Modified
2026-06-11T14:15:08.978316604Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
FlowiseAI: Vector Store No Permission Checks
Details

FINDING 4: OpenAI Assistants Vector Store - No Auth on CRUD Operations

Severity: HIGH (CVSS ~8.1)
Type: CWE-306 (Missing Authentication for Critical Function)
File: packages/server/src/routes/openai-assistants-vector-store/index.ts

Description: None of the CRUD endpoints for the OpenAI Assistants Vector Store carries any authentication or permission middleware of its own, and the route path /api/v1/openai-assistants-vector-store is NOT in WHITELIST_URLS. Because the path is not whitelisted, the main auth middleware does require API key authentication to reach it; beyond that, however, NO permission checks exist on any operation.

The real issue is that the routes have no checkAnyPermission() middleware, meaning any authenticated user, regardless of role, can:
  • Create vector stores
  • Upload files to vector stores
  • Delete vector stores and files
  • Modify any vector store

Evidence:

// No permission middleware on any route
router.post('/', controller.createAssistantVectorStore)          // No permission check
router.put(['/', '/:id'], controller.updateAssistantVectorStore) // No permission check
router.delete(['/', '/:id'], controller.deleteAssistantVectorStore) // No permission check
router.post('/:id', getMulterStorage().array('files'), controller.uploadFilesToAssistantVectorStore) // No permission check

Impact: Any authenticated user can manipulate OpenAI vector stores, upload malicious files, delete data, or exfiltrate stored documents regardless of their assigned permissions.
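As an added illustration that is not part of the advisory or of Flowise's code base: a self-contained JavaScript model of the route table above, beside a hardened version that puts a permission middleware in front of each handler. checkAnyPermission() here is a hypothetical reimplementation of the middleware the advisory names, the permission strings and the controller are assumptions, and a tiny router shim stands in for Express so the example runs offline.

```javascript
// Hypothetical permission middleware (not Flowise's): pass if the caller holds
// any of the listed permissions, otherwise answer 403 and stop the chain.
function checkAnyPermission(...required) {
  return (req, res, next) => {
    const perms = (req.user && req.user.permissions) || [];
    if (required.some((p) => perms.includes(p))) return next();
    res.status(403).json({ error: 'Forbidden' });
  };
}

// Stand-in controller: reaching a handler means the privileged action ran.
const controller = {
  createAssistantVectorStore: (req, res) => res.status(200).json({ id: 'vs_constructed' }),
  deleteAssistantVectorStore: (req, res) => res.status(200).json({ deleted: true }),
};

// Minimal Express-style router and response shim so this runs without Express.
// Paths are matched exactly (no ':id' parsing); that is enough for the demo.
function makeRouter() {
  const routes = [];
  const add = (method) => (path, ...handlers) => routes.push({ method, path, handlers });
  return { post: add('POST'), delete: add('DELETE'), routes };
}
function dispatch(router, req) {
  const route = router.routes.find((r) => r.method === req.method && r.path === req.path);
  if (!route) return 404;
  const res = { code: 200, status(c) { this.code = c; return this; }, json() { return this; } };
  let i = 0;
  const next = () => { const h = route.handlers[i++]; if (h) h(req, res, next); };
  next();
  return res.code;
}

// Vulnerable wiring, as in the advisory: API-key auth happens upstream, but
// nothing checks what the authenticated caller is allowed to do.
const vulnerable = makeRouter();
vulnerable.post('/', controller.createAssistantVectorStore);
vulnerable.delete('/:id', controller.deleteAssistantVectorStore);

// Hardened wiring: each operation is gated on a permission (names are assumed).
const hardened = makeRouter();
hardened.post('/', checkAnyPermission('assistants:create'), controller.createAssistantVectorStore);
hardened.delete('/:id', checkAnyPermission('assistants:delete'), controller.deleteAssistantVectorStore);

// Constructed callers: both authenticated, only one holds the permission.
const viewer = { permissions: [] };
const admin = { permissions: ['assistants:create', 'assistants:delete'] };
function tryCreate(router, user) { return dispatch(router, { method: 'POST', path: '/', user }); }
// tryCreate(vulnerable, viewer) → 200; tryCreate(hardened, viewer) → 403; tryCreate(hardened, admin) → 200
```

The same gate belongs on the update and upload routes; the fix is complete only when no handler in the router is reachable without it.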

Database specific
{
    "github_reviewed": true,
    "severity": "HIGH",
    "github_reviewed_at": "2026-05-14T16:19:23Z",
    "cwe_ids": [
        "CWE-862"
    ],
    "nvd_published_at": "2026-06-08T16:16:41Z"
}
References

Affected packages

npm / flowise

Package: flowise (npm)

Affected ranges:
  • Type: SEMVER
  • Events:
      Introduced: 0 (unknown introduced version; all previous versions are affected)
      Fixed: 3.1.2

Database specific

last_known_affected_version_range
"<= 3.1.1"
source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-hmg2-jjjx-jcp2/GHSA-hmg2-jjjx-jcp2.json"