CVE-2026-56274 | Flowise up to 3.1.1 Custom MCP Server Feature os command injection (GHSA-m99r-2hxc-cp3q)

Inserito da Angelo Barbosa | Giu 23, 2026 | CVE

A vulnerability labeled as critical has been found in Flowise up to 3.1.1. Affected by this vulnerability is an unknown functionality of the component Custom MCP Server Feature. The manipulation results in os command injection.

This vulnerability is known as CVE-2026-56274. It is possible to launch the attack remotely. No exploit is available.

The affected component should be upgraded.

CVE-2026-56274 | Flowise up to 3.1.1 Custom MCP Server Feature os command injection (GHSA-m99r-2hxc-cp3q)

Post correlati

CVE-2024-0505 | ZhongFuCheng3y Austin 1.0 Upload Material Menu MaterialController.java getFile unrestricted upload

CVE-2024-35475 | OpenKM up to 6.3.11 /admin/DatabaseQuery cross-site request forgery

CVE-2024-4666 | Borderless Plugin up to 1.5.3 on WordPress Widgets cross site scripting

CVE-2026-10251 | itsourcecode Online House Rental System 1.0 /ajax.php?action=login Username sql injection