What is CVE-2025-59528 in Flowise?

It's a CVSS 10.0 code injection flaw in the CustomMCP node that lets attackers run arbitrary JavaScript, leading to RCE via modules like child_process and fs.

How to fix Flowise RCE vulnerability?

Upgrade to Flowise npm package version 3.0.6 or later, restrict port 3000 access, rotate API tokens, and scan for exposed instances with Shodan.

Are there active exploits against Flowise?

Yes, VulnCheck reports scanning and exploitation attempts from a single Starlink IP against 12,000+ exposed instances.

🕳️ Vulnerabilities & CVEs

Flowise's CVSS 10 RCE Nightmare: 12,000 Exposed AI Servers Under Siege

Open-source AI agent builders like Flowise were supposed to democratize intelligent automation. Instead, a perfect-score vulnerability has hackers knocking on 12,000 doors.

Threat Digest Apr 07, 2026 4 min read

Flowise AI dashboard showing vulnerable CustomMCP node with RCE warning overlay

⚡ Key Takeaways

CVSS 10.0 RCE in Flowise's CustomMCP node allows arbitrary JS execution with full Node.js privileges. 𝕏
Over 12,000 internet-exposed instances remain vulnerable despite a 6-month-old patch. 𝕏
Third exploited Flowise flaw this year signals deeper architectural risks in AI agent builders. 𝕏

Published by

Threat Digest

Threat intelligence. Zero noise.

#AI security #CVE-2025-59528 #Flowise #RCE exploitation

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by The Hacker News

⚡ Key Takeaways

The 60-Second TL;DR

Threat Digest

Share this article

Worth sharing?

Related Stories

Flowise's RCE Nightmare: 15,000 Exposed Servers in Hackers' Sights

Flowise's Perfect-10 RCE Flaw Goes Live: 15,000 Exposed Servers in the Crosshairs

ChatGPT's One-Prompt Data Heist: Your Secrets Just Got Leaky

Shadow AI Sneaks Into Hospitals: Docs Ditch Rules, Execs Scramble

Stay in the loop