module
Flowise Custom MCP Remote Code Execution
| Disclosed |
|---|
| Aug 14, 2025 |
Disclosed
Aug 14, 2025
Description
This module exploits a remote code execution vulnerability in Flowise versions >= 2.2.7-patch.1
and located in packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts and packages/components/nodes/tools/MCP/core.ts,
which allows users to execute arbitrary commands via StdioClientTransport by using the 'x-request-from: internal' header.
When FLOWISE_USERNAME and FLOWISE_PASSWORD are not configured, the exploit works unauthenticated. If Basic Auth is
enabled, the FLOWISE_USERNAME and FLOWISE_PASSWORD options must be set to provide credentials.
and located in packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts and packages/components/nodes/tools/MCP/core.ts,
which allows users to execute arbitrary commands via StdioClientTransport by using the 'x-request-from: internal' header.
When FLOWISE_USERNAME and FLOWISE_PASSWORD are not configured, the exploit works unauthenticated. If Basic Auth is
enabled, the FLOWISE_USERNAME and FLOWISE_PASSWORD options must be set to provide credentials.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.