PT-2026-33361 · Flowise · Flowise

Published

2026-04-16

·

Updated

2026-05-03

·

CVE-2026-40933

CVSS v3.1

9.9

Critical

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Flowise versions prior to 3.1.0

Description

An authenticated attacker can execute commands on the underlying operating system because stdio command configurations are handled unsafely in the MCP adapter. The issue stems from flawed input validation of the "Custom MCP" configuration, which is reachable from the canvas at 'http://localhost:3000/canvas'. Although the application applies checks such as validateCommandInjection() and validateArgsForLocalFileAccess() and restricts the launcher to a list of predefined safe commands, these checks can be bypassed: the allowlisted command "npx", for example, accepts code-execution arguments such as -c (npm's --call option, which hands its argument to a shell), so an attacker who controls the argument list can run arbitrary commands without placing shell metacharacters in any single argument.

Recommendations

Update to version 3.1.0.
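The following is an added example, not Flowise code and not taken from the advisory. It re-creates the pattern the description names (an allowlist of launchers plus per-argument sanitization), shows why an npx -c configuration passes it, and contrasts it with a per-launcher argument grammar that refuses the same input. The two validator names mirror the advisory, but their bodies, the SAFE_COMMANDS list, ALLOWED_ROOT, the npx option allowlist and all sample configurations are hypothetical stand-ins chosen for illustration.

```typescript
// Added example (not Flowise code): weak "allowlisted launcher + argument
// sanitization" check, the npx -c bypass that slips past it, and a hardened
// per-launcher argument grammar. Validator names mirror the advisory; bodies,
// SAFE_COMMANDS, ALLOWED_ROOT and all sample configs are hypothetical.

interface StdioServerConfig {
  command: string; // launcher the MCP adapter will spawn, e.g. "npx"
  args: string[];  // argv handed to that launcher
}

// Hypothetical allowlist of launchers a Custom MCP configuration may name.
const SAFE_COMMANDS = ["npx", "node", "uvx", "docker"];

// Characters a naive injection filter refuses inside any single argument.
const SHELL_METACHARS = /[;&|`$<>()\n]/;

// Hypothetical workspace root that path-like arguments must stay inside.
const ALLOWED_ROOT = "/workspace";

// Weak check 1 (stand-in): launcher must be allowlisted and no argument may
// contain a shell metacharacter.
function validateCommandInjection(cfg: StdioServerConfig): boolean {
  if (SAFE_COMMANDS.indexOf(cfg.command) === -1) return false;
  return cfg.args.every((a) => !SHELL_METACHARS.test(a));
}

// Weak check 2 (stand-in): no ".." traversal, and absolute paths must stay
// under ALLOWED_ROOT.
function validateArgsForLocalFileAccess(cfg: StdioServerConfig): boolean {
  return cfg.args.every((a) => {
    if (a.indexOf("..") !== -1) return false;
    if (a.charAt(0) === "/") return a === ALLOWED_ROOT || a.startsWith(ALLOWED_ROOT + "/");
    return true;
  });
}

// Pre-fix shape: both checks pass, so the adapter launches the process.
function weakValidate(cfg: StdioServerConfig): boolean {
  return validateCommandInjection(cfg) && validateArgsForLocalFileAccess(cfg);
}

// Hardened: a grammar for the arguments the launcher itself consumes. For npx,
// only -y/--yes may precede the package spec; -c/--call, -p/--package and any
// other leading option is refused, and the package spec must not look like an
// option. Everything after the package spec is argv for the package, not npx.
const NPX_SAFE_LEADING_OPTIONS = ["-y", "--yes"];

function validateNpxArgs(args: string[]): boolean {
  let i = 0;
  for (; i < args.length; i++) {
    const tok = args[i] ?? "";
    if (tok.charAt(0) !== "-") break; // reached the package spec
    if (NPX_SAFE_LEADING_OPTIONS.indexOf(tok) === -1) return false;
  }
  const pkg = args[i];
  return typeof pkg === "string" && pkg.length > 0 && pkg.charAt(0) !== "-";
}

// Launchers without a grammar are denied outright (default deny), which also
// closes the equivalent "node -e" / "python -c" style of bypass.
const ARG_POLICIES: Record<string, (args: string[]) => boolean> = {
  npx: validateNpxArgs,
};

function hardenedValidate(cfg: StdioServerConfig): boolean {
  const policy = ARG_POLICIES[cfg.command];
  if (!policy) return false;
  return validateCommandInjection(cfg) && policy(cfg.args) && validateArgsForLocalFileAccess(cfg);
}

// Constructed sample configurations.
const LEGIT_CONFIG: StdioServerConfig = {
  command: "npx",
  args: ["-y", "@modelcontextprotocol/server-filesystem", "/workspace/docs"],
};
// The bypass from the advisory: npx is allowlisted, and -c (npm's --call)
// makes npx hand its argument to a shell, so argv needs no metacharacter.
const NPX_CALL_CONFIG: StdioServerConfig = { command: "npx", args: ["-c", "id"] };
const NPX_CALL_EQUALS_CONFIG: StdioServerConfig = { command: "npx", args: ["--call=id"] };
// Same class of bypass through a different allowlisted launcher.
const NODE_EVAL_CONFIG: StdioServerConfig = { command: "node", args: ["-e", "1"] };
// What the weak filter was actually designed to catch.
const METACHAR_CONFIG: StdioServerConfig = { command: "npx", args: ["-y", "pkg;id"] };

const SAMPLES: Array<[string, StdioServerConfig]> = [
  ["LEGIT_CONFIG", LEGIT_CONFIG],
  ["NPX_CALL_CONFIG", NPX_CALL_CONFIG],
  ["NPX_CALL_EQUALS_CONFIG", NPX_CALL_EQUALS_CONFIG],
  ["NODE_EVAL_CONFIG", NODE_EVAL_CONFIG],
  ["METACHAR_CONFIG", METACHAR_CONFIG],
];
for (const [name, cfg] of SAMPLES) {
  console.log(`${name}: weak=${weakValidate(cfg)} hardened=${hardenedValidate(cfg)}`);
}
```

The weak check accepts both -c forms and node -e because it looks for bad characters rather than asking what the launcher will do with its own options. A denylist of known flags would be the minimal patch, but it has to track long and short spellings, the --opt=value form and option clustering; the grammar above instead refuses every leading option it does not recognise. Even a correct grammar only constrains the launcher: the allowlisted package still runs arbitrary code once started, so the real boundary is who is allowed to author Custom MCP configurations (the vector is PR:L, a low-privileged authenticated user) and what sandbox the child process runs in.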

Exploit

Fix

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2026-40933
GHSA-C9GW-HVQQ-F33R

Affected Products

Flowise