CVE-2026-43995 | FlowiseAI Flowise up to 3.0.12 Custom MCP validateMCPServerConfig server-side request forgery

Inserito da Angelo Barbosa | Mag 6, 2026 | CVE

A vulnerability was found in FlowiseAI Flowise up to 3.0.12. It has been rated as critical. This issue affects the function validateMCPServerConfig of the component Custom MCP Component. The manipulation leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2026-43995. The attack is possible to be carried out remotely. Moreover, an exploit is present.

Upgrading the affected component is advised.

CVE-2026-43995 | FlowiseAI Flowise up to 3.0.12 Custom MCP validateMCPServerConfig server-side request forgery

Post correlati

CVE-2025-50669 | D-Link DI-8003/DI-8003G 16.07.26A1/19.12.10A1 /wan_ping.asp wan_ping buffer overflow

CVE-2026-40496 | freescout-help-desk freescout up to 1.8.212 Attachments random values (GHSA-2783-wxmm-wmwr)

CVE-2025-14652 | itsourcecode Online Cake Ordering System 1.0 admindetail.php?action=edit ID sql injection

CVE-2025-6939 | TOTOLINK A3002RU 3.0.0-B20230809.1615 HTTP POST Request /boafrm/formWlSiteSurvey submit-url buffer overflow