CVE-2025-71336

Flowise vulnerability: Unsandboxed remote code execution in Custom MCP. Affected: Flowise before 3.0.6 (2.2.7-patch.1 and earlier). Attack requires crafting a JSON payload and header x-request-from: internal to /api/v1/node-load-method/customMCP, taking advantage of minimal auth to execute OS com...