Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

4 days ago [email protected] (The Hacker News)
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed


Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck.
The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that could result in remote code execution.
“The CustomMCP node allows users to input configuration settings for connecting

The post “Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed” appeared first on The Hacker News

Source:The Hacker News – [email protected] (The Hacker News)

Tags: , ,

More Stories

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

1 day ago [email protected] (The Hacker News)

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

1 day ago [email protected] (The Hacker News)

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

2 days ago [email protected] (The Hacker News)

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

2 days ago [email protected] (The Hacker News)

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

2 days ago [email protected] (The Hacker News)

Anthropic's Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems

3 days ago [email protected] (The Hacker News)