CVE-2025-71336
Status: Received - Intake
Remote Code Execution in Flowise AI Platform

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: VulnCheck

Description
Flowise before 3.0.6 (affected versions 2.2.7-patch.1 and earlier) contains an unsandboxed remote code execution vulnerability in the Custom MCP feature, which by design executes OS commands such as launching local MCP servers. Flowise's authentication and authorization model is minimal and has no role-based access control, and a default installation runs without authentication unless FLOWISE_USERNAME and FLOWISE_PASSWORD are set. An attacker can therefore send a crafted JSON payload with the header 'x-request-from: internal' to the /api/v1/node-load-method/customMCP endpoint and have the server execute arbitrary OS commands, resulting in complete compromise of the platform container or server.
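The following script is an added example written for this page; it is not Flowise's code, VulnCheck's, or part of the advisory. It turns the description above into three offline triage checks: whether a version string falls below the fixed release 3.0.6, whether an environment actually sets both FLOWISE_USERNAME and FLOWISE_PASSWORD (i.e. whether the default no-auth mode is disabled), and a scan of access logs for POST requests to /api/v1/node-load-method/customMCP that carry the 'x-request-from: internal' header. The JSON-per-line log format, its field names (time, method, path, client_ip, headers), the trusted_networks default and the sample log entries are all assumptions constructed for the example; adapt them to what your reverse proxy emits.

```python
"""Added example for CVE-2025-71336; this is not Flowise's or VulnCheck's code.

Three offline triage checks that follow from the advisory description:
  1. is_affected()            - is a Flowise version string below the fix (3.0.6)?
  2. auth_configured()        - are both FLOWISE_USERNAME and FLOWISE_PASSWORD set?
  3. find_suspicious_requests() - flag access-log entries that POST to the Custom MCP
     node-load endpoint with the 'x-request-from: internal' header.

Assumptions (not from the advisory): the JSON-per-line log format, its field
names (time, method, path, client_ip, headers) and the trusted_networks default.
"""
import ipaddress
import json
import re

FIXED_VERSION = (3, 0, 6)
VULN_PATH = "/api/v1/node-load-method/customMCP"


def parse_version(version: str) -> tuple:
    """'2.2.7-patch.1' -> (2, 2, 7). The pre-release/patch suffix is dropped,
    which is safe here because the fix boundary (3.0.6) is a plain release."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised Flowise version: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True for every release below 3.0.6 (the advisory's 'to 3.0.6 (exc)')."""
    return parse_version(version) < FIXED_VERSION


def auth_configured(env: dict) -> bool:
    """Per the advisory, Flowise runs unauthenticated unless both variables are set."""
    return bool(env.get("FLOWISE_USERNAME")) and bool(env.get("FLOWISE_PASSWORD"))


def find_suspicious_requests(log_lines, trusted_networks=("127.0.0.0/8", "10.0.0.0/8")):
    """Return one record per POST to the customMCP node-load endpoint that carries
    'x-request-from: internal'. 'external' marks sources outside trusted_networks.
    Legitimate UI traffic may carry the same header, so hits are triage candidates,
    not verdicts; confirm against the version and auth checks above."""
    trusted = [ipaddress.ip_network(n) for n in trusted_networks]
    hits = []
    for line in log_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # real logs contain junk lines; skip rather than crash
        headers = {k.lower(): str(v) for k, v in entry.get("headers", {}).items()}
        path = entry.get("path", "").split("?", 1)[0]  # ignore query string
        if entry.get("method") != "POST" or path != VULN_PATH:
            continue
        if headers.get("x-request-from", "").lower() != "internal":
            continue
        try:
            src = ipaddress.ip_address(entry.get("client_ip", ""))
        except ValueError:
            continue  # unparseable source address; nothing to classify
        hits.append({
            "time": entry.get("time"),
            "client_ip": str(src),
            "external": not any(src in net for net in trusted),
        })
    return hits


# Constructed sample access log (JSON per line), for demonstration only.
SAMPLE_LOG = [
    '{"time": "2026-06-25T10:00:01Z", "method": "POST", "path": "/api/v1/node-load-method/customMCP", '
    '"client_ip": "203.0.113.7", "headers": {"X-Request-From": "internal", "Content-Type": "application/json"}}',
    '{"time": "2026-06-25T10:00:02Z", "method": "GET", "path": "/api/v1/chatflows", '
    '"client_ip": "203.0.113.7", "headers": {"x-request-from": "internal"}}',
    '{"time": "2026-06-25T10:00:03Z", "method": "POST", "path": "/api/v1/node-load-method/customMCP?x=1", '
    '"client_ip": "10.0.0.5", "headers": {"x-request-from": "internal"}}',
    '{"time": "2026-06-25T10:00:04Z", "method": "POST", "path": "/api/v1/node-load-method/customMCP", '
    '"client_ip": "198.51.100.9", "headers": {}}',
    'not json at all',
]

if __name__ == "__main__":
    print("2.2.7-patch.1 affected:", is_affected("2.2.7-patch.1"))
    print("3.0.6 affected:", is_affected("3.0.6"))
    print("auth configured with empty env:", auth_configured({}))
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Run against the constructed sample, the scan reports two candidates: the POST from 203.0.113.7 (outside the trusted ranges, so flagged external) and the one from 10.0.0.5 (inside). The GET to another endpoint and the POST without the header are not reported. Pair a hit on an instance where is_affected() is true and auth_configured() is false with a host-level review of child processes spawned by the Flowise process, since the Custom MCP feature launches OS commands by design.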
Meta Information
Published: 2026-06-25
Last Modified: 2026-06-25
Generated: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor: flowise
Product: flowise
Version range: all versions before 3.0.6 (3.0.6 itself excluded)
CWE
CWE-78 (Improper Neutralization of Special Elements used in an OS Command, 'OS Command Injection'): The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Executive Summary

Flowise versions before 3.0.6, including 2.2.7-patch.1 and earlier, contain a remote code execution vulnerability in the Custom MCP feature, which is intended to execute operating system commands such as launching local MCP servers. Because authentication and authorization controls are minimal and a default installation runs without authentication unless FLOWISE_USERNAME and FLOWISE_PASSWORD are set, an attacker can reach the /api/v1/node-load-method/customMCP endpoint directly, send a crafted JSON payload with the 'x-request-from: internal' header, and have the server execute arbitrary OS commands. The result is full compromise of the platform container or server.

Impact Analysis

On a default deployment with no credentials configured, the vulnerability gives a remote attacker arbitrary OS command execution without any authentication. Where basic authentication has been enabled, anyone holding those credentials retains the same capability, because there is no role-based access control to confine it. Compromise of the container or server running Flowise exposes everything the process can reach, enabling unauthorized access, data theft, data manipulation, service disruption, and further attacks on connected systems.
