A vulnerability labeled as critical has been found in Flowise up to 3.1.1 . Affected by this vulnerability is an unknown functionality of the component Custom MCP Server Feature . The manipulation results in os command injection. This vulnerability is known as CVE-2026-56274 . It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.