GHSA-HMGH-466J-FX4C Flowise vulnerable to RCE via Dynamic function constructor injection

Summary User-controlled input flows to an unsafe implementaion of a dynamic Function constructor , allowing a malicious actor to run JS code in the context of the host not sandboxed leading to RCE. Details When creating a new Custom MCP Chatflow in the platform, the MCP Server Config displays a...

Duplicate Advisory: Flowise vulnerable to RCE via Dynamic function constructor injection

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hmgh-466j-fx4c. This link is maintained to preserve external references. Original Description User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers...

CVE-2025-55346

User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request...

CVE-2025-55346

Flowise exposes a remote code execution vector via the CustomMCP tool: input from mcpServerConfig is passed into a dynamic Function constructor (Function('return '+ input)()) in the host context, which can access global process and Node.js modules. This allows arbitrary JS execution (RCE) when cr...

Flowise 安全漏洞

Flowise is a FlowiseAI open source tool for easily building LLM applications. A security vulnerability exists in Flowise that stems from user-controlled input flow to an insecure dynamic function constructor implementation that could lead to the execution of arbitrary non-sandboxed JS code in the...