GHSA-cvrr-qhgw-2mm6: Flowise: Parameter Override Bypass Remote Command Execution
Summary
Flowise contains a critical unauthenticated remote command execution (RCE) vulnerability that lets an attacker run arbitrary system commands with root privileges. The flaw is a validation check that tests for the `FILE-STORAGE::` keyword with `.includes()` instead of `.startsWith()`; because only the presence of the substring is checked, an attacker can satisfy the check by embedding the keyword anywhere in a string, for example inside a comment. Once the check is bypassed, the attacker can inject attacker-controlled values into the `mcpServerConfig` parameter and abuse `NODE_OPTIONS` environment variable injection to execute arbitrary code. Exploitation requires that the chatflow has API Override enabled, is publicly shared, and contains a Custom MCP tool node.
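As an added example that is not Flowise's own code, the following JavaScript reconstructs the check pattern the summary describes, a marker test written with `.includes()` beside its `.startsWith()` replacement, and runs both over constructed override values so the difference is visible. All function names and sample values are assumptions, not Flowise identifiers.

```javascript
// Added example, not Flowise's code. It reconstructs the pattern the advisory
// describes: a marker check using includes() (vulnerable) versus startsWith()
// (fixed). Function and sample names below are illustrative assumptions.
const FILE_STORAGE_MARKER = 'FILE-STORAGE::';

// Vulnerable pattern: any string that mentions the marker anywhere is accepted
// as a file-storage reference, even when the marker sits inside a comment.
function isFileStorageRefVulnerable(value) {
  return typeof value === 'string' && value.includes(FILE_STORAGE_MARKER);
}

// Fixed pattern: only a string that begins with the marker qualifies.
function isFileStorageRefFixed(value) {
  return typeof value === 'string' && value.startsWith(FILE_STORAGE_MARKER);
}

// Constructed override values an API caller might submit for a node input.
const SAMPLE_OVERRIDES = {
  genuineRef: 'FILE-STORAGE::["upload.txt"]',
  commentSmuggled: '{"command": "echo"} // FILE-STORAGE::',
  midString: 'prefix FILE-STORAGE::["x"]',
  plain: '{"command": "echo"}',
  nonString: 42,
};

// Runs every sample through one predicate and returns the keys it accepts,
// so the two predicates can be compared side by side.
function acceptedBy(predicate, overrides = SAMPLE_OVERRIDES) {
  return Object.keys(overrides).filter((k) => predicate(overrides[k]));
}

// Hardened gate for an overridable input. A value is treated as a file-storage
// reference only when it starts with the marker; a value that merely contains
// the marker is flagged, which is also a useful detection signal in request logs.
function classifyOverride(value) {
  if (isFileStorageRefFixed(value)) return 'file-storage-ref';
  if (isFileStorageRefVulnerable(value)) return 'rejected-marker-smuggling';
  return 'plain-input';
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('includes():  ', acceptedBy(isFileStorageRefVulnerable));
  console.log('startsWith():', acceptedBy(isFileStorageRefFixed));
}
```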
Original source: https://github.com/advisories/GHSA-cvrr-qhgw-2mm6
First tracked: April 17, 2026 at 02:00 AM
Classified by LLM (prompt v3) · confidence: 95%