GHSA-cvrr-qhgw-2mm6: Flowise: Parameter Override Bypass Remote Command Execution
Summary
Flowise has a critical unauthenticated remote command execution (RCE) vulnerability that allows attackers to run arbitrary system commands with root privileges. The flaw exists in a validation check that uses `.includes()` instead of `.startsWith()` to filter the `FILE-STORAGE::` keyword, which an attacker can bypass by embedding it anywhere in a string (like in a comment). When bypassed, this allows the attacker to inject malicious values into the `mcpServerConfig` parameter and use `NODE_OPTIONS` environment variable injection to execute arbitrary code, but only if the chatflow has API Override enabled, is publicly shared, and contains a Custom MCP tool node.
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2026-63086: text-generation-inference through 3.3.7 contains a server-side request forgery (SSRF) vulnerability in the OpenAI-compat
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
Original source: https://github.com/advisories/GHSA-cvrr-qhgw-2mm6
First tracked: April 17, 2026 at 02:00 AM
Classified by LLM (prompt v3) · confidence: 95%