
Flowise JS Injection RCE

Disclosed
Sep 13, 2025

Description

This module exploits a remote code execution vulnerability in Flowise versions >= 2.2.7-patch.1,
located in packages/components/nodes/tools/MCP/CustomMCP/CustomMCP.ts. The convertToValidJSONString
function evaluates the user-supplied mcpServerConfig parameter with Function('return ' + inputString)(),
so JavaScript injected into that parameter runs on the server and allows users to execute arbitrary
commands. For versions the exploit can work unauthenticated if the FLOWISE_USERNAME and FLOWISE_PASSWORD
environment variables are not configured. For versions >= 3.0.1, authentication via FLOWISE_EMAIL and
FLOWISE_PASSWORD is required due to JWT token verification.
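The following is an added example, not Flowise's code or the module's: a minimal reconstruction of the unsafe Function('return ' + inputString)() pattern the description names, beside a hardened replacement that parses the value strictly as JSON. The function names, the config keys and both inputs are constructed for illustration; the injected input only sets a harmless global marker to show that code executes.

```javascript
// Unsafe pattern (assumed reconstruction): Function('return ' + input)()
// evaluates the caller's string as JavaScript, so any expression in
// mcpServerConfig runs with the server process's privileges.
function convertToValidJSONStringUnsafe(inputString) {
  try {
    return JSON.stringify(Function('return ' + inputString)());
  } catch (e) {
    return '';
  }
}

// Hardened replacement: JSON.parse never evaluates code. Non-JSON input is
// rejected with an error instead of being handed to the JS engine.
function convertToValidJSONStringSafe(inputString) {
  let parsed;
  try {
    parsed = JSON.parse(inputString);
  } catch (e) {
    throw new Error('mcpServerConfig must be valid JSON: ' + e.message);
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('mcpServerConfig must be a JSON object');
  }
  return JSON.stringify(parsed);
}

// Constructed inputs: a legitimate config, and a string that is not JSON but
// is a valid JS expression with a side effect (a harmless global marker).
const legitConfig = '{"command":"npx","args":["-y","example-mcp-server"]}';
const sideEffectInput = '(globalThis.__injected = "ran", {"command":"npx"})';

// Runs both converters on both inputs and reports what happened.
function demonstrate() {
  delete globalThis.__injected;
  const unsafeOut = convertToValidJSONStringUnsafe(sideEffectInput);
  const unsafeRanCode = globalThis.__injected === 'ran'; // true: code executed
  delete globalThis.__injected;
  let safeRejected = false;
  try {
    convertToValidJSONStringSafe(sideEffectInput);
  } catch (e) {
    safeRejected = true; // false: input refused, nothing evaluated
  }
  const safeRanCode = globalThis.__injected === 'ran';
  const legitOk = convertToValidJSONStringSafe(legitConfig) === legitConfig;
  return { unsafeOut, unsafeRanCode, safeRejected, safeRanCode, legitOk };
}

console.log(demonstrate());
```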