Flowise is a technology platform tracked across 8 threat clusters and 17 intelligence report mentions on ThreatCluster. First observed April 7, 2026; most recent activity June 23, 2026.
Flowise has disclosed a critical remote code execution vulnerability, tracked as CVE-2026-56274, affecting versions prior to 3.1.2 of its Custom MCP Server feature. The flaw allows attackers to exploit multiple OS…
A critical remote code execution (RCE) vulnerability in the Flowise low-code platform, tracked as CVE-2025-59528, is being actively exploited by threat actors. This flaw allows attackers to inject arbitrary JavaScript…
A critical vulnerability in Langflow, tracked as CVE-2026-33017, allows unauthenticated remote code execution (RCE) via the POST /api/v1/build_public_tmp/{flow_id}/flow endpoint. This flaw was exploited within 20 hours…
Obsidian Security identified a critical one-click remote code execution (RCE) vulnerability in Flowise (CVE-2026-40933), affecting self-hosted deployments. The flaw allows attackers to execute arbitrary server-side code…
On April 20, 2026, Tenable reported multiple vulnerabilities in Flowise, a software platform. The vulnerabilities include an insecure implementation of the Faiss and SimpleStore vector store, which allows authenticated…
Anthropic has announced the launch of Project Glasswing, utilizing its unreleased AI model, Claude Mythos Preview, to identify and exploit thousands of critical software vulnerabilities across major operating systems…
A report by OX Security has identified a critical vulnerability in the Model Context Protocol (MCP) developed by Anthropic, potentially exposing over 200,000 AI servers to remote code execution. The flaw lies in the…
A design flaw in Anthropic's Model Context Protocol (MCP) threatens approximately 200,000 servers with complete takeover, according to the Ox research team. Despite multiple requests for a patch, Anthropic maintains…