Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed Ravie LakshmananApr 07, 2026Artificial Intelligence / Vulnerability Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that could result in remote code execution. "The CustomMCP node allows users to input configuration settings for connecting to an external MCP (Model Context Protocol) server," Flowise said in an advisory released in September 2025. "This node parses the user-provided mcpServerConfig string to build the MCP server configuration. However, during this process, it executes JavaScript code without any security validation." Flowise noted that successful exploitation of the vulnerability can allow access to dangerous modules such as child_process (command execution) and fs (file system), as it runs with full Node.js runtime privileges. Put differently, a threat actor who weaponizes the flaw can execute arbitrary JavaScript code on the Flowise server, leading to full system compromise, file system access, command execution, and sensitive data exfiltration. "As only an API token is required, this poses an extreme security risk to business continuity and customer data," Flowise added. It credited Kim SooHyun with discovering and reporting the flaw. The issue was addressed in version 3.0.6 of the npm package. According to details shared by VulnCheck, exploitation activity against the vulnerability has originated from a single Starlink IP address. CVE-2025-59528 is the third Flowise flaw with in-the-wild exploitation after CVE-2025-8943 (CVSS score: 9.8), an operating system command remote code execution, and CVE-2025-26319 (CVSS score: 8.9), an arbitrary file upload. "This is a critical-severity bug in a popular AI platform used by a number of large corporations," Caitlin Condon, vice president of security research at VulnCheck, told The Hacker News in a statement. "This specific vulnerability has been public for more than six months, which means defenders have had time to prioritize and patch the vulnerability. The internet-facing attack surface area of 12,000+ exposed instances makes the active scanning and exploitation attempts we're seeing more serious, as it means attackers have plenty of targets to opportunistically reconnoiter and exploit." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  artificial intelligence, Cloud security, cybersecurity, Open Source, remote code execution, Vulnerability Trending News Citrix Urges Patching Critical NetScaler Flaw Allowing Unauthenticated Data Leaks TeamPCP Backdoors LiteLLM Versions 1.82.7–1.82.8 via Trivy CI/CD Compromise New Perseus Android Banking Malware Monitors Notes Apps to Extract Sensitive Data ⚡ Weekly Recap: CI/CD Backdoor, FBI Buys Location Data, WhatsApp Ditches Numbers and More Google Adds 24-Hour Wait for Unverified App Sideloading to Reduce Malware and Scams ThreatsDay Bulletin: PQC Push, AI Vuln Hunting, Pirated Traps, Phishing Kits and 20 More Stories Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation FBI Warns Russian Hackers Target Signal, WhatsApp in Mass Phishing Attacks 54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security China-Linked Red Menshen Uses Stealthy BPFDoor Implants to Spy via Telecom Networks Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks FCC Bans New Foreign-Made Routers Over Supply Chain and Cyber Risk Concerns Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug Load More ▼ Popular Resources [Demo] Discover SaaS Risks and Monitor Every App in Your Environment SANS SEC401: Get Hands On Skills to Detect and Respond to Cyber Threats Detect AI-Driven Threats Faster With Full Network Visibility [Guide] Learn How to Govern AI Agents With Proven Market Guidance