Flowise code injection flaw (CVE-2025-59528)
Vulnerability
Summary
CVE-2025-59528 is being actively exploited in Flowise, putting exposed servers at risk of remote code execution and full system compromise. The flaw is a maximum-severity code injection issue in the CustomMCP node, where a user-controlled `mcpServerConfig` string is parsed and JavaScript is executed without validation. Flowise addressed the bug in version 3.0.6, while defenders still face 12,000+ exposed instances and exploitation attempts from a single Starlink IP address.
Timeline
- 07.04.2026 08:56 · 2 articles
VulnCheck discloses active exploitation of Flowise CVE-2025-59528
Initial disclosure: VulnCheck disclosed active exploitation of Flowise deployments using CVE-2025-59528, a CVSS 10.0 code injection flaw in the CustomMCP node that can execute arbitrary JavaScript and lead to remote code execution, full system compromise, file system access, command execution, and sensitive data exfiltration. The activity has been linked to a single Starlink IP address, and Flowise addressed the issue in version 3.0.6.
Sources:
- Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed — thehackernews.com — 07.04.2026 08:56
- Max severity Flowise RCE vulnerability now exploited in attacks — www.bleepingcomputer.com — 07.04.2026 20:02