Agents
Exploit Code Published for Critical Flowise MCP RCE (CVE-2026-40933, CVSS 9.9)
CVE-2026-40933 is a one-click remote code execution flaw in Flowise (52K+ GitHub stars) where the Custom MCP stdio adapter unsafely serializes commands, letting an authenticated attacker register an MCP stdio server with an arbitrary OS command. Obsidian Security showed that merely importing a crafted chatflow triggers server-side execution; exploit PoC code is now public. Affects flowise/flowise-components ≤3.0.13 (patched in 3.1.0); mitigation is switching Custom MCP transport from stdio to SSE. This is a concrete demonstration that MCP stdio adapters are an under-appreciated RCE surface in agent-builder platforms.
Source
↳ Follow the thread