A critical vulnerability in the open-source AI platform Flowise, identified as CVE-2026-40933, lets an attacker take full control of the server through the import of a malicious workflow file. The flaw primarily affects self-hosted deployments, while the managed Flowise Cloud service remains unaffected. The issue stems from the platform's Custom MCP tool, which executes user-supplied commands without sandboxing.
Despite a newly added input-validation patch, Obsidian Security warns that the security measures can be bypassed, leaving systems vulnerable. Users are advised to disable the stdio transport and only load workflows from trusted sources to mitigate risks.
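
A pre-import check in the spirit of the advice above, as an added example that is not Flowise or Obsidian Security code: it walks a workflow JSON file, including JSON embedded in string fields, and reports every object that defines a server through a `command` key, the shape stdio-style MCP server definitions commonly take. The node layout and the `serverConfig` field name in the sample are constructed assumptions, not Flowise's documented export schema.

```python
import json

def _maybe_json(value):
    """Parse a string that itself holds a JSON object or array; otherwise return None."""
    if isinstance(value, str) and value.strip()[:1] in ("{", "["):
        try:
            return json.loads(value)
        except ValueError:
            return None
    return None

def find_stdio_servers(doc, path="$"):
    """Yield (path, command, args) for each object carrying a string 'command' key."""
    if isinstance(doc, dict):
        if isinstance(doc.get("command"), str):
            yield path, doc["command"], doc.get("args", [])
        for key, value in doc.items():
            yield from find_stdio_servers(value, f"{path}.{key}")
    elif isinstance(doc, list):
        for i, value in enumerate(doc):
            yield from find_stdio_servers(value, f"{path}[{i}]")
    else:
        # Configs are often stored as a JSON string inside the outer JSON (assumption).
        nested = _maybe_json(doc)
        if nested is not None:
            yield from find_stdio_servers(nested, path + "<json>")

def review_workflow(text):
    """Return all findings; an empty list means no stdio-style definition was seen."""
    return list(find_stdio_servers(json.loads(text)))

# Constructed sample: one remote (URL) server and one stdio-style server.
# Field names are hypothetical placeholders, not a real export.
SAMPLE = json.dumps({"nodes": [
    {"id": "n1", "data": {"inputs": {
        "serverConfig": json.dumps({"url": "https://mcp.example.invalid/sse"})}}},
    {"id": "n2", "data": {"inputs": {
        "serverConfig": json.dumps({"command": "example-binary", "args": ["--flag"]})}}},
]})

if __name__ == "__main__":
    for where, command, args in review_workflow(SAMPLE):
        print(f"REVIEW BEFORE IMPORT: {where}: command={command!r} args={args!r}")
```

A finding is a prompt for manual review of the file's origin, not proof of malice; an empty result only means no `command`-keyed object was present.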