Critical Flowise Flaw Gives Attackers Full Server Control
ID: 6b832f5f-2328-5fbd-87d7-a68c89fd0f11
STIX ID: report--6b832f5f-2328-5fbd-87d7-a68c89fd0f11
Feed Name: Infosecurity Magazine (News)
A critical remote-code-execution flaw (CVE-2026-40933) in the open-source Flowise AI workflow platform lets an attacker run arbitrary commands on a self-hosted server by getting a logged-in user to import a malicious chatflow: the chatflow carries a Custom MCP node whose stdio transport spawns an attacker-chosen process. A public PoC exists, and the vendor's input-validation patch can be bypassed, so patching alone is not sufficient. The managed Flowise Cloud service is not affected. Recommended mitigations are to disable the Custom MCP stdio transport (use the SSE transport instead) and to treat imported MCP configurations as executable code, accepting them only from trusted sources and reviewing them before import.
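The second mitigation, treating an imported MCP configuration as code, is easiest to enforce with a gate that runs before anyone clicks Import. The script below is an added example, not code from the article or from the Flowise project. It assumes (these field names are not from the article) that a chatflow export is JSON with a `nodes` array, that a Custom MCP node has `data.name === "customMCP"`, and that its server configuration is stored in `data.inputs.mcpServerConfig` either as a JSON string or an object, where a stdio server carries `command`/`args` and an SSE server carries a `url`. Any stdio server blocks the import; an SSE server is flagged for review unless its host is on a hypothetical allowlist. The sample export at the bottom is constructed for the demonstration.

```javascript
// Pre-import audit for Flowise chatflow exports (added example, not Flowise code).
// Assumed structure (not from the article): chatflow.nodes[].data.name === "customMCP",
// chatflow.nodes[].data.inputs.mcpServerConfig holding a JSON string or object in the
// MCP server-config format: {command, args} for stdio, {url} for SSE, optionally
// wrapped as {mcpServers: {name: {...}}}.

const ALLOWED_SSE_HOSTS = new Set(["mcp.internal.example"]); // hypothetical allowlist

function parseMcpConfig(raw) {
  // The config may be stored as a JSON string or already as an object; accept both.
  if (typeof raw === "string") {
    try {
      return JSON.parse(raw);
    } catch {
      return null;
    }
  }
  return raw && typeof raw === "object" ? raw : null;
}

function auditChatflow(chatflow) {
  const findings = [];
  const nodes = Array.isArray(chatflow.nodes) ? chatflow.nodes : [];
  for (const node of nodes) {
    const data = node.data || {};
    if (data.name !== "customMCP") continue; // only Custom MCP nodes can spawn processes
    const cfg = parseMcpConfig((data.inputs || {}).mcpServerConfig);
    if (cfg === null) {
      findings.push({ node: node.id, severity: "block", reason: "unparseable MCP config" });
      continue;
    }
    // Accept either a bare server object or the {mcpServers: {...}} wrapper.
    const servers =
      cfg.mcpServers && typeof cfg.mcpServers === "object"
        ? Object.values(cfg.mcpServers)
        : [cfg];
    for (const s of servers) {
      if (s.command !== undefined || s.args !== undefined) {
        // stdio transport: the server is a local process, so this is arbitrary command execution.
        const cmdline = [s.command, ...(Array.isArray(s.args) ? s.args : [])].join(" ");
        findings.push({ node: node.id, severity: "block", reason: `stdio transport would spawn: ${cmdline}` });
      } else if (typeof s.url === "string") {
        // SSE transport: no local process, but still only talk to endpoints we control.
        let host = null;
        try {
          host = new URL(s.url).hostname;
        } catch {
          host = null;
        }
        if (!host || !ALLOWED_SSE_HOSTS.has(host)) {
          findings.push({ node: node.id, severity: "review", reason: `SSE endpoint not on allowlist: ${s.url}` });
        }
      } else {
        findings.push({ node: node.id, severity: "block", reason: "MCP server config has neither url nor command" });
      }
    }
  }
  return { allowed: !findings.some((f) => f.severity === "block"), findings };
}

// Constructed sample export (not a real Flowise export): one SSE node on the
// allowlist, one stdio node that would run a shell command, one unrelated node.
const SAMPLE_CHATFLOW = {
  nodes: [
    { id: "customMCP_0", data: { name: "customMCP", inputs: { mcpServerConfig: JSON.stringify({ url: "https://mcp.internal.example/sse" }) } } },
    { id: "customMCP_1", data: { name: "customMCP", inputs: { mcpServerConfig: JSON.stringify({ command: "sh", args: ["-c", "id > /tmp/imported"] }) } } },
    { id: "chatOpenAI_0", data: { name: "chatOpenAI", inputs: {} } },
  ],
};

const SAMPLE_RESULT = auditChatflow(SAMPLE_CHATFLOW);
console.log(JSON.stringify(SAMPLE_RESULT, null, 2)); // allowed: false, one "block" finding on customMCP_1
```

Run it against a real export with `node audit.js < chatflow.json` after swapping the constructed sample for `JSON.parse` of stdin, and wire the `allowed` flag into whatever process hands chatflows to the people who can import them. The check is a gate, not a substitute for disabling the stdio transport on the server: a bypass of the vendor's input validation means the import path itself should never be trusted to refuse a `command` key.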
