GHSA-m99r-2hxc-cp3q: Flowise has an MCP Security Bypass that Enables RCE

May 14, 2026 (updated May 15, 2026)

There are three bypass methods for the security limitations of the Flowise MCP feature, and attackers can execute arbitrary commands by combining these three methods

References

github.com/FlowiseAI/Flowise/releases/tag/flowise%403.1.2
github.com/FlowiseAI/Flowise/security/advisories/GHSA-m99r-2hxc-cp3q
github.com/advisories/GHSA-m99r-2hxc-cp3q

Code Behaviors & Features

Detect and mitigate GHSA-m99r-2hxc-cp3q with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →