{"data":{"id":"185696db-2282-4cc5-baf2-7e55eb9d51be","title":"GHSA-m99r-2hxc-cp3q: Flowise has an MCP Security Bypass that Enables RCE","summary":"Flowise, a tool for building AI applications, has a security vulnerability in its MCP feature (model context protocol, which lets AI tools run system commands) that allows attackers to bypass command restrictions and execute arbitrary code. The vulnerability has three bypass methods: the 'docker build' command isn't blocked (allowing remote code execution through malicious Dockerfiles), the 'npx --yes' long parameter isn't blocked (allowing installation of malicious packages), and a third unspecified method. Any Flowise user can exploit this if the system has docker or npx installed.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-m99r-2hxc-cp3q","publishedAt":"2026-05-14T14:57:30.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["flowise-components@<= 3.1.1 (fixed: 3.1.2)","flowise@<= 3.1.1 (fixed: 3.1.2)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-05-14T14:57:30.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"framework","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}