Black & White Path
Apr 10, 2026 · Information Security
Critical Flowise Flaw Enables Hackers to Compromise Thousands of AI Workflows
Researchers discovered a critical CVE‑2025‑59528 in Flowise's custom MCP node that allows arbitrary JavaScript execution, was patched in version 3.0.6, yet thousands of instances remain exposed and were actively exploited in the wild as reported by VulnCheck.
AI workflow securityArbitrary code executionCVE-2025-59528
0 likes · 5 min read