Skip to content

Hide Navigation Hide TOC

Flowise Custom MCP STDIO Command Injection (CVE-2026-40933) - ATR-2026-00415 (ef7a699b-d454-5582-a918-ed66c94f376b)

Detects exploitation of CVE-2026-40933 (CVSS 9.9), authenticated RCE in Flowise Custom MCP node before v3.1.0. Flowise's MCP adapter performs validateCommandInjection / validateArgsForLocalFileAccess checks but attackers bypass them by combining allow-listed commands (e.g. npx, node) with code-execution flags such as npx -c '<inline JS>' or node -e '<inline JS>'. Result: arbitrary OS command execution on the Flowise host. Disclosed 2026-04-15 (OX Security MCP-by-design batch). Distinct from CVE-2025-59528 (template injection in System Message); this rule covers the STDIO command-list bypass surface.

Cluster A Galaxy A Cluster B Galaxy B Level
Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern Flowise Custom MCP STDIO Command Injection (CVE-2026-40933) - ATR-2026-00415 (ef7a699b-d454-5582-a918-ed66c94f376b) Agent Threat Rules 1
Exploit Public-Facing Application (47d73872-5336-44f7-81e3-d30bc7e039dd) MITRE ATLAS Attack Pattern Flowise Custom MCP STDIO Command Injection (CVE-2026-40933) - ATR-2026-00415 (ef7a699b-d454-5582-a918-ed66c94f376b) Agent Threat Rules 1
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Flowise Custom MCP STDIO Command Injection (CVE-2026-40933) - ATR-2026-00415 (ef7a699b-d454-5582-a918-ed66c94f376b) Agent Threat Rules 1
AI Model Inference API Access (90a420d4-3f03-4800-86c0-223c4376804a) MITRE ATLAS Attack Pattern Flowise Custom MCP STDIO Command Injection (CVE-2026-40933) - ATR-2026-00415 (ef7a699b-d454-5582-a918-ed66c94f376b) Agent Threat Rules 1
Exploit Public-Facing Application - T1190 (3f886f2a-874f-4333-b794-aa6075009b1c) Attack Pattern Flowise Custom MCP STDIO Command Injection (CVE-2026-40933) - ATR-2026-00415 (ef7a699b-d454-5582-a918-ed66c94f376b) Agent Threat Rules 1
JavaScript - T1059.007 (0f4a0c76-ab2d-4cb0-85d3-3f0efb8cba0d) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 2