{"data":{"id":"5f5fdb20-1fee-4d87-af1d-cb9f61211cd9","title":"Hackers exploit a critical Flowise flaw affecting thousands of AI workflows","summary":"Flowise, a low-code platform for building custom AI workflows, has a critical vulnerability (CVE-2025-59528, CVSS 10.0) where attackers can inject malicious JavaScript code through improperly validated configurations in the Custom MCP node (a plugin that lets AI agents connect to external tools). Hackers have already begun exploiting this flaw against thousands of exposed Flowise instances since April 6, 2025.","solution":"The flaw was patched in Flowise version 3.0.6. Users should upgrade to version 3.0.6 or later, with the latest version being 3.1.1 (released last month).","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4155680/hackers-exploit-a-critical-flowise-flaw-affecting-thousands-of-ai-workflows.html","publishedAt":"2026-04-08T12:24:30.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-04-08T12:24:30.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}