CVE Catalog

CVE-2026-58057

MediumCVSS 5.0
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile — higher than 15% of all known CVEs

Summary

A vulnerability in Flowise before version 3.1.3 allows bypassing the denylist of environment variables for Custom MCP stdio nodes. On Windows, where environment variable names are case-insensitive, supplying 'node_options' bypasses the 'NODE_OPTIONS' denylist entry, enabling code injection.

Risk Assessment

An authenticated user with permission to configure a Custom MCP node can execute arbitrary code in the Flowise server context, leading to full application compromise and potentially system takeover.

Recommendation

Upgrade Flowise to version 3.1.3 or later immediately. Until the update, restrict access to Custom MCP node configuration to trusted users only.

Original NVD description (English source)

Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'node_options' bypasses the NODE_OPTIONS denylist entry. An authenticated user who can configure a Custom MCP node can thereby inject NODE_OPTIONS --require and execute arbitrary code in the Flowise server context.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS