module
Flowise JS Injection RCE
| Disclosed | Created |
|---|---|
| Sep 13, 2025 | Nov 22, 2025 |
Disclosed
Sep 13, 2025
Created
Nov 22, 2025
Description
This module exploits a remote code execution vulnerability in Flowise versions >= 2.2.7-patch.1
and located in packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts, which allows users to execute
arbitrary commands via JavaScript code injection in the mcpServerConfig parameter using the
convertToValidJSONString function that uses Function('return ' + inputString)(). For versions
the exploit can work unauthenticated if FLOWISE_USERNAME and FLOWISE_PASSWORD environment variables
are not configured. For versions >= 3.0.1, authentication via FLOWISE_EMAIL and FLOWISE_PASSWORD is
required due to JWT token verification.
and located in packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts, which allows users to execute
arbitrary commands via JavaScript code injection in the mcpServerConfig parameter using the
convertToValidJSONString function that uses Function('return ' + inputString)(). For versions
the exploit can work unauthenticated if FLOWISE_USERNAME and FLOWISE_PASSWORD environment variables
are not configured. For versions >= 3.0.1, authentication via FLOWISE_EMAIL and FLOWISE_PASSWORD is
required due to JWT token verification.
Authors
Platform
Linux,Unix,Windows
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.