Obsidian Security has disclosed a remote code execution (RCE) vulnerability in Flowise (CVE-2026-40933), rated high severity (CVSS 9.9). Flowise is an open-source platform for building AI applications. The vulnerability stems from a systemic command injection flaw in Anthropic's MCP (Model Context Protocol) integration, allowing arbitrary shell commands to be executed on Flowise installations prior to version 3.1.0. An attacker can exploit it by tricking a user into importing a malicious chatflow, which then executes the attacker's commands on the Flowise host.
Flowise Cloud is not affected, but self-hosted instances running versions earlier than 3.1.0 are vulnerable and should be upgraded. Successful exploitation gives the attacker command execution on the host, with knock-on impact on any services the Flowise instance is connected to.