Active Exploitation of Critical RCE Vulnerability in Flowise AI Platform

Security researchers at VulnCheck report that threat actors are actively exploiting CVE-2025-59528, a critical remote code execution vulnerability in the open-source AI platform Flowise. The flaw stems from unsafe handling of configuration input in the CustomMCP node and affects over 12,000 publicly exposed instances.
What happened
VulnCheck discovered that CVE-2025-59528, a maximum-severity code injection vulnerability with a CVSS score of 10.0, is being actively exploited in Flowise. This vulnerability allows attackers to execute arbitrary code remotely by leveraging the CustomMCP node's configuration input functionality.
Why it matters
Flowise is an open-source artificial intelligence platform, and an actively exploited remote code execution vulnerability in it poses significant risk. Compromise of an exposed instance could give an attacker unauthorized control of that system, affecting organizations that use the platform for AI-related tasks.
Key technical details
The vulnerability resides in the CustomMCP node, which lets users supply configuration settings for its connections. Improper handling of this input results in code injection, enabling remote attackers to execute arbitrary code on affected systems. The vulnerability is tracked as CVE-2025-59528 with a CVSS score of 10.0.
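The class of fix a defender would expect for a bug of this kind, shown as an added JavaScript example that is not Flowise's code: configuration text supplied to a node is parsed strictly as JSON and validated against an allowlisted shape, so the input is never evaluated as code. The command/args/env layout, the function name and the sample inputs are assumptions for illustration, not details from the advisory.

```javascript
// Added example, not Flowise's code. A hardened handler for user-supplied
// connection configuration: parse strictly as JSON (no code is ever executed)
// and validate the shape against an allowlist. The command/args/env layout
// is an assumed, typical MCP server config, not taken from the advisory.

const ALLOWED_KEYS = new Set(["command", "args", "env"]);

// True only for plain object literals (rejects arrays, null, class instances).
function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v) &&
    Object.getPrototypeOf(v) === Object.prototype;
}

// Returns { ok: true, config } on success or { ok: false, error } on rejection.
function parseMcpServerConfig(raw) {
  let parsed;
  try {
    parsed = JSON.parse(raw); // strict JSON: JS object literals or expressions fail here
  } catch (e) {
    return { ok: false, error: "config is not valid JSON" };
  }
  if (!isPlainObject(parsed)) {
    return { ok: false, error: "config must be a JSON object" };
  }
  for (const key of Object.keys(parsed)) {
    // Unknown keys (including "__proto__" or "constructor") are rejected outright.
    if (!ALLOWED_KEYS.has(key)) return { ok: false, error: `unexpected key: ${key}` };
  }
  if (typeof parsed.command !== "string" || parsed.command.length === 0) {
    return { ok: false, error: "command must be a non-empty string" };
  }
  const args = parsed.args ?? [];
  if (!Array.isArray(args) || !args.every((a) => typeof a === "string")) {
    return { ok: false, error: "args must be an array of strings" };
  }
  const env = parsed.env ?? {};
  if (!isPlainObject(env) || !Object.values(env).every((v) => typeof v === "string")) {
    return { ok: false, error: "env must map names to strings" };
  }
  // Only the validated fields are copied out; nothing from the raw input is reused.
  return { ok: true, config: { command: parsed.command, args, env } };
}

// Constructed sample inputs for illustration.
const GOOD = '{"command":"node","args":["server.js"],"env":{"LOG_LEVEL":"info"}}';
const NOT_JSON = "{command: 'node'}";            // JS literal, not JSON: rejected
const EXTRA_KEY = '{"command":"node","exec":"x"}'; // key outside the allowlist: rejected
```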
Affected organizations/products
The vulnerability impacts Flowise installations, with over 12,000 instances publicly exposed and susceptible to exploitation.
Source attribution
https://thehackernews.com/2026/04/flowise-ai-agent-builder-under-active.html