OS Command Injection Vulnerabilities in Flowise by FlowiseAI
CVE-2026-56274

8.7 HIGH

Key Information:

Vendor: Flowise
Status: Vendor
CVE Published: 23 June 2026

What is CVE-2026-56274?

Flowise versions prior to 3.1.2 contain multiple OS command injection vulnerabilities in the Custom MCP Server feature. The flaws stem from inadequate validation of command flags and from regex checks on local file access that can be bypassed. An attacker holding valid Flowise account credentials, or API access with permissions on chatflows, can configure a malicious MCP server whose command circumvents the validateCommandFlags blocklist; for example, commands such as 'docker build' and 'npx --yes' are not blocked, potentially allowing arbitrary commands to be executed on the host system.

Affected Version(s)

  • Flowise 0 < 3.1.2

  • Flowise 3.1.2

References

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

cn-panda