Threat Advisory

Critical Vulnerability in Flowise Packages Permits Malicious Activity

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical
[subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

CVE-2026-40933 with a CVSS score of 10.0 is a critical vulnerability in the npm/flowise and npm/flowise-components packages, specifically affecting versions. The vulnerability arises due to the unsafe serialization of stdio commands in the MCP adapter, allowing an authenticated attacker to add an MCP stdio server with an arbitrary command, resulting in command execution. An attacker can exploit this vulnerability by creating a new Custom MCP and adding a specially crafted command, such as "npx -c touch /tmp/pwn," which enables direct code execution on the underlying OS. By doing so, the attacker gains the capability to execute arbitrary system commands, posing a significant risk to the confidentiality, integrity, and availability of the system. If exploited, this vulnerability can lead to business-impacting consequences, including data breaches, system compromise, and reputational damage. To exploit this vulnerability, the attacker requires authenticated access to the system and the ability to add a new MCP configuration.[/subscribe_to_unlock_form]

EXECUTIVE SUMMARY:

CVE-2026-40933 with a CVSS score of 10.0 is a critical vulnerability in the npm/flowise and npm/flowise-components packages, specifically affecting versions. The vulnerability arises due to the unsafe serialization of stdio commands in the MCP adapter, allowing an authenticated attacker to add an MCP stdio server with an arbitrary command, resulting in command execution. An attacker can exploit this vulnerability by creating a new Custom MCP and adding a specially crafted command, such as "npx -c touch /tmp/pwn," which enables direct code execution on the underlying OS. By doing so, the attacker gains the capability to execute arbitrary system commands, posing a significant risk to the confidentiality, integrity, and availability of the system. If exploited, this vulnerability can lead to business-impacting consequences, including data breaches, system compromise, and reputational damage. To exploit this vulnerability, the attacker requires authenticated access to the system and the ability to add a new MCP configuration.[emaillocker id="1283"]

RECOMMENDATION:

We recommend you to update npm/flowise and npm/flowise-components to version 3.1.2 or later.

REFERENCES:

The following reports contain further technical details:
https://github.com/advisories/GHSA-c9gw-hvqq-f33r

[/emaillocker]
crossmenu