www.obsidiansecurity.com
Critical RCE Vulnerability Discovered in Flowise's MCP Implementation
Article Content
Obsidian Security identified a critical one-click remote code execution (RCE) vulnerability in Flowise (CVE-2026-40933) affecting self-hosted deployments. The flaw lets an attacker execute arbitrary server-side code by getting a user to import a malicious chatflow, compromising the server environment and any sensitive data it holds. The root cause is that Flowise's stdio MCP configuration is not properly sandboxed: an MCP server defined over stdio is a local process that the Flowise host spawns, so the chatflow effectively controls what gets executed. Flowise Cloud is not affected because stdio MCP is disabled there, but self-hosted versions remain vulnerable. The current patch relies on input validation that can be easily bypassed, so patched systems are still at risk. The vulnerability carries a CVSS score of 9.9, near the maximum severity. Organizations running Flowise are urged to review their configurations and consider disabling stdio MCP to mitigate the risk.
Key Points:
• CVE-2026-40933 allows one-click RCE in self-hosted Flowise deployments.
• The vulnerability stems from inadequate sandboxing in stdio MCP configurations.
• Current patches are insufficient, relying on easily bypassed input validation.
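The advisory recommends reviewing Flowise configurations for stdio MCP usage. The following audit script is an added example, not code from Obsidian Security or the Flowise project: it scans an exported chatflow for MCP nodes whose server definition is command-based (stdio) rather than URL-based, so a defender can inventory which imported flows would spawn local processes. The chatflow layout (nodes → data → inputs) and the input name `mcpServerConfig` are assumptions about Flowise's export format made for this example; the sample chatflow is constructed inline.

```python
import json

# Constructed sample: a minimal Flowise-style chatflow export. The node/data/inputs
# layout and the "mcpServerConfig" input name are assumptions for this example,
# not taken from the advisory; adjust the accessor below if your export differs.
SAMPLE_CHATFLOW = json.dumps({
    "nodes": [
        {"id": "llm_0", "data": {"name": "chatOpenAI",
                                  "inputs": {"modelName": "example-model"}}},
        # stdio transport: the host spawns "command" locally -> flagged
        {"id": "mcp_0", "data": {"name": "customMCP", "inputs": {
            "mcpServerConfig": json.dumps({
                "command": "npx",
                "args": ["-y", "example-mcp-server"]  # constructed placeholder package
            })}}},
        # URL transport (SSE/HTTP): no local process is spawned -> not flagged
        {"id": "mcp_1", "data": {"name": "customMCP", "inputs": {
            "mcpServerConfig": json.dumps({"url": "https://mcp.example.internal/sse"})}}},
    ]
})


def _parse_server_config(raw):
    """The MCP server config may be stored as a JSON string or as an object."""
    if isinstance(raw, str):
        try:
            return json.loads(raw)
        except json.JSONDecodeError:
            return None
    return raw if isinstance(raw, dict) else None


def find_stdio_mcp_nodes(chatflow_json: str) -> list[dict]:
    """Return one finding per MCP server definition that uses the stdio transport.

    A stdio MCP server is identified by a "command" key (plus optional "args"):
    this is what the host process executes locally. URL-based configs are skipped.
    Both a bare server object and the common {"mcpServers": {...}} wrapper are handled.
    """
    doc = json.loads(chatflow_json)
    findings = []
    for node in doc.get("nodes", []):
        data = node.get("data", {})
        cfg = _parse_server_config(data.get("inputs", {}).get("mcpServerConfig"))
        if cfg is None:
            continue
        wrapper = cfg.get("mcpServers")
        servers = wrapper if isinstance(wrapper, dict) else {"default": cfg}
        for name, server in servers.items():
            if isinstance(server, dict) and "command" in server:
                findings.append({
                    "node_id": node.get("id"),
                    "node_type": data.get("name"),
                    "server": name,
                    "command": server["command"],
                    "args": list(server.get("args", [])),
                })
    return findings


def report(chatflow_json: str) -> str:
    """Human-readable summary suitable for a pre-import review step."""
    findings = find_stdio_mcp_nodes(chatflow_json)
    if not findings:
        return "OK: no stdio MCP servers defined in this chatflow"
    lines = [f"WARNING: {len(findings)} stdio MCP server definition(s) found"]
    for f in findings:
        lines.append(f"  node {f['node_id']} ({f['node_type']}) server '{f['server']}': "
                     f"{f['command']} {' '.join(f['args'])}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_CHATFLOW))
```

Run this over chatflow exports before importing them into a self-hosted instance; any finding means the flow would cause the Flowise host to spawn a local process. Because the advisory notes that the patch's input validation can be bypassed, treat this as an inventory and review aid rather than a substitute for disabling stdio MCP where it is not required.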