CVE-2026-46442
Status: Received - Intake
Remote Code Execution in Flowise AI

Publication date: 2026-06-08

Last updated on: 2026-06-08

Assigner: GitHub, Inc.

Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the Custom JS Function node. When E2B_APIKEY is not configured (the common deployment case), Flowise executes this code inside a NodeVM sandbox. This sandbox can be escaped, allowing an attacker to reach the host process object and execute system commands via child_process. The result is authenticated remote code execution on the Flowise server host. This issue has been patched in version 3.1.2.
Meta Information
Generated: 2026-06-09
AI Q&A: 2026-06-08
EPSS Evaluated: N/A
Affected Vendors & Products (4 associated CPEs)
Vendor | Product | Version / Range
flowiseai | flowise | From 3.1.2 (exc)
flowise | flowise | to 3.1.2 (exc)
flowiseai | flowise | to 3.1.2 (exc)
flowiseai | flowise | 3.1.2
CWE ID | Description
CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Compliance Impact

This vulnerability allows authenticated remote code execution on the Flowise server host, potentially leading to full system compromise including reading environment variables, accessing the filesystem, and making outbound network requests.

Such unauthorized access and control over the system could result in exposure or manipulation of sensitive data, which may violate data protection requirements under standards like GDPR and HIPAA.

Therefore, organizations using vulnerable versions of Flowise could face compliance risks due to potential breaches of confidentiality, integrity, and availability of protected data.

Executive Summary

CVE-2026-46442 is a critical vulnerability in Flowise versions 3.1.1 and earlier that allows authenticated users or API keys to execute arbitrary JavaScript code on the server via the POST /api/v1/node-custom-function endpoint.

This endpoint lacks route-level authorization, so any authenticated user can submit JavaScript code. When the E2B_APIKEY environment variable is not configured, the common deployment case, the code is executed inside an in-process NodeVM sandbox.

However, the NodeVM sandbox can be escaped by exploiting an error-handling path, allowing attackers to access the host process object and execute system commands through the child_process module.

This results in authenticated remote code execution (RCE) on the Flowise server host, potentially leading to full system compromise.

Impact Analysis

This vulnerability can have severe impacts including full system compromise of the Flowise server.

  • Attackers can execute arbitrary system commands on the host.
  • They can read sensitive environment variables.
  • They can access and manipulate the filesystem.
  • They can make outbound network requests.
  • They can establish persistence on the compromised system.

Exploitation requires only a valid API key or an authenticated session; no additional privileges are needed. The submitted code runs with the privileges of the Flowise server process, so the impact is bounded only by what that process can reach.

Detection Guidance

Monitor POST requests to /api/v1/node-custom-function on Flowise servers. The endpoint has a legitimate use (submitting code for a Custom JS Function node from an editing session), so a single call is not an alert by itself; the signals worth acting on are calls from identities that have no reason to edit flows (for example integration or CI API keys), unusual volume, and submitted JavaScript that references child_process or other host-process facilities. Because exploitation requires an authenticated user or API key, correlate every hit with the identity that made the call and treat that credential as potentially compromised.

Specific commands to detect exploitation attempts are not provided in the available resources.
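The following is an added example, not code from the Flowise project or from this advisory: it scans application log lines for calls to the vulnerable endpoint and flags submitted JavaScript that references host-process facilities. The JSON-per-line log shape (ts, method, path, actor, body), the javascriptFunction body field, and all indicator strings other than child_process are assumptions; adapt parseLine() to your reverse proxy or Flowise log format.

```javascript
// Added example, not Flowise code. Scans constructed log lines for POSTs to
// the vulnerable endpoint and flags payloads carrying sandbox-escape indicators.
// The log shape (ts, method, path, actor, body) and the "javascriptFunction"
// body field are assumptions for illustration.

const TARGET_PATH = '/api/v1/node-custom-function';

// child_process is named in the advisory; the remaining strings are generic
// indicators of attempts to reach the host from inside a Node VM sandbox and
// are assumptions added here, not taken from the advisory.
const INDICATORS = [
  { name: 'child_process', re: /child_process/ },
  { name: 'require-call', re: /\brequire\s*\(/ },
  { name: 'process.binding', re: /process\s*\.\s*binding/ },
  { name: 'process.mainModule', re: /process\s*\.\s*mainModule/ },
  { name: 'constructor-chain', re: /constructor\s*\.\s*constructor/ },
];

function parseLine(line) {
  try {
    return JSON.parse(line);
  } catch {
    return null; // malformed or non-JSON lines are skipped, not fatal
  }
}

function bodyText(body) {
  if (body == null) return '';
  return typeof body === 'string' ? body : JSON.stringify(body);
}

// Returns one finding per POST to the endpoint. Every call is worth review,
// because the endpoint should only be hit from an operator's editing session;
// a call whose payload matches an indicator is escalated to "high".
function analyzeLogs(lines) {
  const findings = [];
  lines.forEach((line, idx) => {
    const ev = parseLine(line);
    if (!ev || ev.method !== 'POST' || ev.path !== TARGET_PATH) return;
    const text = bodyText(ev.body);
    const indicators = INDICATORS.filter((i) => i.re.test(text)).map((i) => i.name);
    findings.push({
      line: idx + 1,
      ts: ev.ts,
      actor: ev.actor,
      indicators,
      severity: indicators.length > 0 ? 'high' : 'review',
    });
  });
  return findings;
}

// Constructed sample log lines (not real traffic): one unrelated GET, one
// benign custom-function submission, one submission reaching for child_process
// from an API key that has no business editing flows, and one non-JSON line.
const SAMPLE_LOG_LINES = [
  { ts: '2026-06-08T10:00:00Z', method: 'GET', path: '/api/v1/chatflows', actor: 'apikey:ops', body: null },
  { ts: '2026-06-08T10:01:10Z', method: 'POST', path: TARGET_PATH, actor: 'user:alice',
    body: { javascriptFunction: 'return $input.toUpperCase();' } },
  { ts: '2026-06-08T10:02:37Z', method: 'POST', path: TARGET_PATH, actor: 'apikey:ci-bot',
    body: { javascriptFunction: "const cp = require('child_process'); return cp.execSync('id').toString();" } },
].map((e) => JSON.stringify(e));
SAMPLE_LOG_LINES.push('2026-06-08T10:03:00Z plain text line that is not JSON');

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of analyzeLogs(SAMPLE_LOG_LINES)) console.log(JSON.stringify(f));
}
```

Run it with node; the benign submission comes back as a "review" finding and the ci-bot submission as "high" with the child_process and require-call indicators. Tune the indicator list to your environment, since legitimate Custom JS Function code rarely needs any of them.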

Mitigation Strategies

The immediate mitigation step is to upgrade Flowise to version 3.1.2 or later, where this vulnerability has been patched.

Configuring the E2B_APIKEY environment variable moves custom-function execution out of the in-process NodeVM sandbox and so removes the sandbox escape from the attack path. It does not add the missing route-level authorization check, so on an unpatched version any authenticated user or API key can still submit code to the external sandbox; treat it as a stopgap, not a fix.

Until the upgrade is applied, restrict who can reach POST /api/v1/node-custom-function, for example by blocking it at a reverse proxy, and review and rotate API keys so that only operators who actually edit flows hold credentials that can call it.
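The following is an added example, not Flowise's own code and not the 3.1.2 patch: it models the decisions a hardened handler for POST /api/v1/node-custom-function has to make, as pure functions so they run without a web framework. It contrasts the vulnerable-version behaviour described by the advisory (authentication only, silent NodeVM fallback) with a version that authorizes at the route and refuses in-process execution unless an operator explicitly accepts it, and adds a version check against 3.1.2. The permission name, the principal shape and the allowNodeVmFallback switch are assumptions for illustration.

```javascript
// Added example, not Flowise code. Models the authorization and sandbox
// decisions for the vulnerable endpoint as pure functions. The permission
// name, the principal shape and the allowNodeVmFallback switch are assumptions.

const REQUIRED_PERMISSION = 'custom-function:execute'; // assumed name

// Vulnerable-version behaviour as the advisory describes it: any authenticated
// principal may submit code, and the request falls through to the in-process
// NodeVM sandbox whenever E2B_APIKEY is absent.
function decideLegacy(req, env) {
  if (!req.principal) return { status: 401, reason: 'unauthenticated' };
  return { status: 200, sandbox: env.E2B_APIKEY ? 'e2b' : 'nodevm' };
}

// Hardened behaviour: authenticate, then authorize at the route (the check the
// advisory says was missing), then execute in-process only if an operator has
// explicitly opted in. In an Express app this is the logic you would put behind
// something like router.post(path, requireAuth, requirePermission(...), handler).
function decideHardened(req, env, policy = { allowNodeVmFallback: false }) {
  if (!req.principal) return { status: 401, reason: 'unauthenticated' };
  const perms = req.principal.permissions || [];
  if (!perms.includes(REQUIRED_PERMISSION)) {
    return { status: 403, reason: `missing permission ${REQUIRED_PERMISSION}` };
  }
  if (env.E2B_APIKEY) return { status: 200, sandbox: 'e2b' };
  if (policy.allowNodeVmFallback) return { status: 200, sandbox: 'nodevm' };
  return { status: 503, reason: 'E2B_APIKEY not set and in-process execution disabled' };
}

// True when the dotted version is below the fixed release 3.1.2.
// Pre-release suffixes ("3.1.2-beta") compare as their numeric prefix.
function isAffectedVersion(version) {
  const fixed = [3, 1, 2];
  const parts = String(version).replace(/^v/, '').split('.').map((p) => parseInt(p, 10) || 0);
  for (let i = 0; i < fixed.length; i++) {
    const a = parts[i] || 0;
    if (a !== fixed[i]) return a < fixed[i];
  }
  return false; // exactly 3.1.2
}

// Constructed requests (not real traffic): a user who can only view flows,
// a user who is allowed to run custom functions, and an unauthenticated caller.
const viewerReq = { principal: { id: 'user:alice', permissions: ['chatflows:view'] } };
const builderReq = { principal: { id: 'user:bob', permissions: ['chatflows:view', REQUIRED_PERMISSION] } };
const anonReq = { principal: null };

if (typeof require !== 'undefined' && require.main === module) {
  console.log('legacy, viewer, no E2B key:', decideLegacy(viewerReq, {}));
  console.log('hardened, viewer, no E2B key:', decideHardened(viewerReq, {}));
  console.log('hardened, builder, no E2B key:', decideHardened(builderReq, {}));
  console.log('hardened, builder, E2B key set:', decideHardened(builderReq, { E2B_APIKEY: 'e2b_test' }));
  console.log('3.1.1 affected:', isAffectedVersion('3.1.1'), '3.1.2 affected:', isAffectedVersion('3.1.2'));
}
```

The point of the 503 branch is that a missing E2B_APIKEY should be a visible deployment error rather than a silent downgrade to in-process execution; if you do need the NodeVM path for a development instance, make it an explicit policy switch so that it never reaches production unnoticed.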
