When Is Stdio Mcp Actually A Vulnerability
Source: www.obsidiansecurity.com
Published:
<p>Security researchers at Obsidian Security discovered a one-click RCE in Flowise (CVE-2026-40933), an open-source platform for building LLM workflows and AI agents with over 52k GitHub stars. An attacker can fully compromise a server by convincing an authorized user to import a crafted chatflow. I