Flowise

Vulnerabilities 2026-04-07
Flowise AI Under Active Exploitation: CVSS 10.0 RCE via CustomMCP Node Hits 12,000+ Exposed Instances
Critical unauthenticated RCE in Flowise AI's CustomMCP node (CVE-2025-59528, CVSS 10.0) is under active exploitation. Over 12,000 instances are exposed. Patch to 3.0.6 immediately.
CVE-2025-59528 RCE AI Infrastructure Flowise MCP Node.js

Flowise AI Under Active Exploitation: CVSS 10.0 RCE via CustomMCP Node Hits 12,000+ Exposed Instances