Lucene search
K

27 matches found

Nuclei
Nuclei
added 3 days ago1049 views

Flowise - Remote Code Execution

Flowise 3.0.5 contains a remote code execution vulnerability caused by unsafe evaluation of user input in the CustomMCP node's convertToValidJSONString function, letting remote attackers execute arbitrary code with full Node.js privileges, exploit requires user input to be processed by the...

10CVSS8AI score0.90183EPSS
Exploits21References2
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.44 views

CVE-2026-58057 Flowise - Custom MCP Environment Variable Denylist Bypass via Case Sensitivity

Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'nodeoptions' bypasses the NODEOPTIONS denylist entry. An authenticated user who can configure a Custo...

5CVSS0.0024EPSS
Exploits0References3
CVE
CVE
added 2026/06/28 1:32 a.m.27 views

CVE-2026-58057

Flowise before 3.1.3 is affected: a case-sensitive denylist for Custom MCP stdio environment variables allows bypass on Windows (case-insensitive env names). An authenticated user who can configure a Custom MCP node can inject NODE_OPTIONS --require to execute arbitrary code in the Flowise server...

5CVSS6.1AI score0.0024EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53089

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.3 Description An authenticated user can execute arbitrary code in the server context by configuring a Custom MCP node. The issue occurs because environment variables are validated against a denylist using a...

5CVSS6.1AI score0.0024EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2025-210342

Flowise before 3.0.6 affected versions 2.2.7-patch.1 and earlier contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute OS commands such as launching local MCP servers. Because Flowise's authentication and authorization model is minimal...

9.8CVSS6.8AI score0.00757EPSS
Exploits1References3
NVD
NVD
added 2026/06/25 10:16 p.m.7 views

CVE-2025-71336

Flowise before 3.0.6 affected versions 2.2.7-patch.1 and earlier contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute OS commands such as launching local MCP servers. Because Flowise's authentication and authorization model is minimal...

9.8CVSS0.00757EPSS
Exploits1References2
CVE
CVE
added 2026/06/25 9:41 p.m.17 views

CVE-2025-71336

Flowise vulnerability: Unsandboxed remote code execution in Custom MCP. Affected: Flowise before 3.0.6 (2.2.7-patch.1 and earlier). Attack requires crafting a JSON payload and header x-request-from: internal to /api/v1/node-load-method/customMCP, taking advantage of minimal auth to execute OS com...

9.8CVSS6.8AI score0.00757EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 9:41 p.m.23 views

CVE-2025-71336 Flowise - Unsandboxed Remote Code Execution via Custom MCP

Flowise before 3.0.6 affected versions 2.2.7-patch.1 and earlier contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which is designed to execute OS commands such as launching local MCP servers. Because Flowise's authentication and authorization model is minimal...

9.8CVSS0.00757EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52615

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.0.6 Description The Custom MCP feature, used for executing OS commands like launching local MCP servers, is unsandboxed. Due to a minimal authentication and authorization model lacking role-based access control, and...

9.8CVSS6AI score0.00757EPSS
Exploits1References7
EUVD
EUVD
added 2026/06/23 12:13 p.m.18 views

EUVD-2026-38434

Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...

9.9CVSS6.2AI score0.02683EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:13 p.m.5 views

CVE-2026-56274

Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions f...

9.9CVSS6.2AI score0.02683EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2026/05/01 5:20 p.m.167 views

Exploit for Code Injection in Flowiseai Flowise

CVE-2025-59528 PoC ⚠️ For educational and authorized securit...

10CVSS6.1AI score0.90183EPSS
Exploits21
NVD
NVD
added 2026/04/21 10:16 p.m.10 views

CVE-2026-40933

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerabilit...

9.9CVSS0.01987EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/04/21 9:0 p.m.5 views

CVE-2026-40933 Flowise: Authenticated RCE Via MCP Adapters

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can add an MCP stdio server with an arbitrary command, achieving command execution. The vulnerabilit...

9.9CVSS6.6AI score0.01987EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2026/04/13 11:32 a.m.309 views

Exploit for Code Injection in Flowiseai Flowise

CVE-2025-59528 - FlowiseAI CustomMCP Remote Code Execution...

10CVSS5.9AI score0.90183EPSS
Exploits21
Packet Storm
Packet Storm
added 2025/11/24 12:0 a.m.277 views

📄 Flowise JS Injection Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Flowise versions greater than or equal to 2.2.7-patch.1 and less than 3.0.6. The vulnerability exists in the customMCP endpoint /api/v1/node-load-method/customMCP located in...

10CVSS9.2AI score0.90183EPSS
Exploits21
Metasploit
Metasploit
added 2025/11/22 6:57 p.m.491 views

Flowise JS Injection RCE

This module exploits a remote code execution vulnerability in Flowise versions = 2.2.7-patch.1 and = 3.0.1, authentication via FLOWISEEMAIL and FLOWISEPASSWORD is required due to JWT token verification. Module Options msf use exploit/multi/http/flowisejsrce msf exploitflowisejsrce show targets...

10CVSS6.4AI score0.90183EPSS
Exploits21
GithubExploit
GithubExploit
added 2025/11/02 7:39 a.m.228 views

Exploit for Code Injection in Flowiseai Flowise

CVE-2025-59528.yaml Flowise is a drag & drop user interface to...

10CVSS7.9AI score0.90183EPSS
Exploits21
OSV
OSV
added 2025/10/06 2:8 p.m.7 views

GHSA-HMGH-466J-FX4C Flowise vulnerable to RCE via Dynamic function constructor injection

Summary User-controlled input flows to an unsafe implementaion of a dynamic Function constructor , allowing a malicious actor to run JS code in the context of the host not sandboxed leading to RCE. Details When creating a new Custom MCP Chatflow in the platform, the MCP Server Config displays a...

9.8CVSS7.8AI score0.1742EPSS
Exploits0References4
NVD
NVD
added 2025/09/22 8:15 p.m.13 views

CVE-2025-59528

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5, Flowise is vulnerable to remote code execution. The CustomMCP node allows users to input configuration settings for connecting to an external MCP server. This node parses the user-provided...

10CVSS0.90183EPSS
Exploits21References8
Rows per page
Query Builder