CVE-2026-56274
Flowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess
CVSS Score
9.9
EPSS Score
0.0%
EPSS Percentile
0th
Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker with a Flowise account of any role, or API access with view/update permissions for chatflows, can configure a malicious MCP server to bypass the validateCommandFlags blocklist (for example, 'docker build' is not blocked, and 'npx --yes' is not blocked while only '-y' is) and the validateArgsForLocalFileAccess checks, resulting in execution of arbitrary commands on the Flowise host.
| CWE | CWE-78 |
| Vendor | flowise |
| Product | flowise |
| Published | Jun 23, 2026 |
| Last Updated | Jun 23, 2026 |
Stay Ahead of the Next One
Get instant alerts for flowise flowise
Be the first to know when new critical vulnerabilities affecting flowise flowise are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
Affected Versions
Flowise / Flowise
0 < 3.1.2
Flowise / Flowise
0 < 3.1.2
References
Credits
๐ cn-panda