CVE ID :CVE-2026-46442 Published : June 8, 2026, 4:16 p.m. | 58 minutes ago Description :Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any...

#Sicherheitslücke

Original-Artikel öffnen Zurück zur Übersicht

ARTICLEVIEW

CVE-2026-46442 - Flowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape

VERWANDTEARTIKEL

CVE-2026-11393 - Code injection via improper triple-quote escaping in AgentCore CLI Bedrock Agent import

CVE-2026-8913 - Command Injection in TP-Link's Archer MR600 WireGuard Client Configuration

CVE-2026-11556 - Tenda F451 Web Management WriteFacMac formWriteFacMac os command injection

CVE-2026-11553 - Tenda HG7HG9/HG10 formPPPEdit stack-based overflow

Check Point VPN 0-day Vulnerability Exploited in the Wild to Deploy Ransomware

CVE-2026-46481 - OpenMetadata: TEST_CONNECTION workflow leaks ingestion-bot JWT and database password to regular users