Agents
CVE-2026-40933: Flowise MCP Adapter Hit with Maximum-Severity RCE via Unsafe Stdio Command Serialization (CVSS 10.0)
A critical vulnerability in Flowise's MCP adapter (prior to v3.1.0) allows any authenticated user to add an MCP stdio server with an arbitrary command, achieving full remote code execution on the underlying OS. Despite input sanitization checks (validateCommandInjection, validateArgsForLocalFileAccess) and a predefined safe-command allowlist, tools like 'npx' can be combined with code-execution arguments that bypass all filters. CVSS 10.0 — network-accessible, low complexity, low privilege required, complete CIA impact.
Source
↳ Follow the thread