Exploit for Code Injection in Flowiseai Flowise

🗓️ 02 Nov 2025 07:39:25Reported by zimshkType

githubexploit

githubexploit🔗 github.com👁 205 Views

Remote code execution in Flowise via CustomMCP node executing user input with Function().

Reporter	Title	Published	Views	Family All 41
GithubExploit	Exploit for Code Injection in Flowiseai Flowise	15 Apr 202606:28	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Flowiseai Flowise	10 May 202607:11	–	githubexploit
GithubExploit	Exploit for Code Injection in Flowiseai Flowise	13 Apr 202611:32	–	githubexploit
GithubExploit	Exploit for Code Injection in Flowiseai Flowise	9 Jun 202600:31	–	githubexploit
GithubExploit	Exploit for Code Injection in Flowiseai Flowise	13 Apr 202621:06	–	githubexploit
GithubExploit	Exploit for Code Injection in Flowiseai Flowise	1 May 202617:20	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Flowiseai Flowise	14 Apr 202606:50	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Flowiseai Flowise	13 Apr 202601:54	–	githubexploit
GithubExploit	Exploit for Missing Authentication for Critical Function in Flowiseai Flowise	14 May 202621:15	–	githubexploit
GithubExploit	Exploit for Code Injection in Flowiseai Flowise	16 May 202618:06	–	githubexploit

02 Nov 2025 07:42Current

7.9High risk

Vulners AI Score7.9

CVSS 3.110

EPSS0.90183

SSVC

remote code execution flowise custom mcp node javascript evaluation nodejs runtime security vulnerability patch version 3.0.6