CVE-2026-40933

NVD data not available for this CVE. It may be pending analysis or not yet published.

Related Intelligence (2)

Flowise’s MCP implementation can run ghost commands

Enterprises using the lightweight, open-source Flowise platform to power self-hosted AI workloads have a new near-max severity issue to worry about. Researchers at Obsidian Security have detailed a one-click remote code execution (RCE) vulnerability affecting self-hosted Flowise deployments through its implementation of Model Context Protocol ( MCP ) stdio servers. The problem is essentially a san

CVE-2026-40933

1d agoCSO Online

CRITICALVulnerabilityPOC

Exploit Code Published for Critical Flowise RCE Vulnerability

The one-click vulnerability allows attackers to execute arbitrary code on self-hosted Flowise servers by tricking users into importing a malicious chatflow. The post Exploit Code Published for Critical Flowise RCE Vulnerability appeared first on SecurityWeek .

CVE-2026-40933

3d agoSecurityWeek