{"data":{"id":"95cf2bec-b389-4908-80fa-2cd352ddf5f1","title":"GHSA-9rvc-vf7m-pgm2: FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape","summary":"FlowiseAI's custom JavaScript function endpoint (POST /api/v1/node-custom-function) performs no authorization check beyond authentication, so any authenticated user, not only an administrator, can submit arbitrary JavaScript that executes on the server. When the E2B sandbox (an external code execution service) is not configured, the submitted code runs in a NodeVM sandbox (an in-process JavaScript isolation library) that can be escaped through error object manipulation; the escape yields a reference to the host Node.js process and the ability to run operating-system commands via child_process (the Node.js module for spawning system commands). The practical impact is full compromise of the host running Flowise by anyone holding a valid account, which is why the advisory is rated critical despite requiring authentication.","solution":"Upgrade flowise to 3.1.2 or later, the fixed version listed for this advisory (affected versions: <= 3.1.1). The advisory source discusses no further mitigation. Note that the described escape applies to the in-process NodeVM fallback, so NodeVM should not be relied on as a security boundary for untrusted code; restricting which accounts can reach the custom-function endpoint and executing custom code in the external E2B sandbox reduce exposure until the upgrade is applied.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-9rvc-vf7m-pgm2","publishedAt":"2026-05-14T14:57:53.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["flowise@<= 3.1.1 (fixed: 3.1.2)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["FlowiseAI","NodeVM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-05-14T14:57:53.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}