Obsidian Security has released details and proof-of-concept code for a critical remote code execution vulnerability, CVE-2026-40933, in Flowise, an open-source platform for building AI applications. The flaw is a command injection in the way Flowise handles Anthropic's Model Context Protocol (MCP), which Obsidian describes as systemic, and it lets an attacker run arbitrary commands on the host. Self-hosted Flowise instances prior to version 3.1.0 are primarily affected.
The key point for defenders is the severity: CVE-2026-40933 carries a CVSS score of 9.9. On a self-hosted instance, exploitation yields OS-level command execution with the privileges of the Flowise process, which is often root, and the trigger is simply importing a crafted chatflow configuration, so any account permitted to import chatflows is a potential attacker. Update Flowise to version 3.1.0 or later immediately and review who holds chatflow import rights, since the vulnerability is well suited to abuse by a malicious insider.
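The following is an added illustration, not Flowise's code and not Obsidian's proof of concept. It shows the general pattern behind a config-driven command injection in an MCP stdio-server launcher (a user-controlled `{command, args}` object turned into a shell command line), a hardened alternative in which chatflows can only name a server from an operator-maintained registry, and a schema-agnostic triage helper that walks an exported chatflow and flags any embedded object carrying a `command` key. The config shapes, the registry paths, the `mcpServerConfig` field name and the sample chatflow are all assumptions constructed for the example.

```javascript
"use strict";

// --- Vulnerable pattern ------------------------------------------------------
// Whoever controls the imported chatflow controls `command` and `args`. Joining
// them into one string that is later handed to exec() or spawn(..., {shell: true})
// is arbitrary OS command execution as the process user (often root).
function unsafeCommandLine(cfg) {
  return [cfg.command, ...(cfg.args || [])].join(" ");
}

// --- Hardened pattern --------------------------------------------------------
// Tenants pick a server by name; the binary and its fixed leading arguments come
// from operator configuration, never from the chatflow. Paths are assumed.
const SERVER_REGISTRY = Object.freeze({
  filesystem: { file: "/usr/local/bin/npx", args: ["-y", "@modelcontextprotocol/server-filesystem"] },
  fetch: { file: "/usr/local/bin/uvx", args: ["mcp-server-fetch"] },
});
const ENV_ALLOWLIST = ["PATH", "HOME", "LANG"]; // minimal environment for the child
const MAX_USER_ARGS = 8;

// Pure planner: returns {ok: true, file, args, env} or {ok: false, reason},
// so the policy can be unit-tested without spawning anything.
function planLaunch(cfg, registry = SERVER_REGISTRY) {
  if (!cfg || typeof cfg !== "object") return { ok: false, reason: "config must be an object" };
  if ("command" in cfg) return { ok: false, reason: "free-form command is not accepted" };
  // Own-property check: "constructor", "__proto__" etc. must not resolve.
  if (!Object.prototype.hasOwnProperty.call(registry, cfg.server)) {
    return { ok: false, reason: `unknown server: ${String(cfg.server)}` };
  }
  const userArgs = cfg.args === undefined ? [] : cfg.args;
  if (!Array.isArray(userArgs) || userArgs.length > MAX_USER_ARGS) {
    return { ok: false, reason: "args must be a short array" };
  }
  for (const a of userArgs) {
    // Only plain positional values: no flags (which could change what the
    // server itself executes) and no control characters.
    if (typeof a !== "string" || a.startsWith("-") || /[\x00-\x1f]/.test(a)) {
      return { ok: false, reason: `rejected argument: ${JSON.stringify(a)}` };
    }
  }
  const entry = registry[cfg.server];
  const env = {};
  for (const k of ENV_ALLOWLIST) if (process.env[k] !== undefined) env[k] = process.env[k];
  return { ok: true, file: entry.file, args: [...entry.args, ...userArgs], env };
}

// Actually starts the server: argv array, shell disabled, minimal environment.
// child_process is loaded here so the pure planner above can be tested alone.
function launch(cfg) {
  const plan = planLaunch(cfg);
  if (!plan.ok) throw new Error(plan.reason);
  const { spawn } = require("child_process");
  return spawn(plan.file, plan.args, { shell: false, env: plan.env, stdio: ["pipe", "pipe", "inherit"] });
}

// --- Triage helper -----------------------------------------------------------
// Walk an exported chatflow (any JSON) and collect every object with a string
// `command` key, also descending into string values that are themselves JSON,
// since node inputs are commonly stored that way. Useful for reviewing
// existing chatflows on an instance after the disclosure.
function findCommandObjects(value, found = [], trail = "$") {
  if (typeof value === "string") {
    if (/^\s*[\[{]/.test(value)) {
      try { findCommandObjects(JSON.parse(value), found, trail + "(json)"); } catch (_) { /* not JSON */ }
    }
    return found;
  }
  if (Array.isArray(value)) {
    value.forEach((v, i) => findCommandObjects(v, found, `${trail}[${i}]`));
    return found;
  }
  if (value && typeof value === "object") {
    if (typeof value.command === "string") {
      found.push({ path: trail, command: value.command, args: value.args });
    }
    for (const [k, v] of Object.entries(value)) findCommandObjects(v, found, `${trail}.${k}`);
  }
  return found;
}

// Constructed sample (not a real export): a minimal chatflow-like document with
// one MCP server block stored as a JSON string; the field name is assumed.
const SAMPLE_CHATFLOW = {
  nodes: [{ id: "mcp_0", data: { inputs: {
    mcpServerConfig: JSON.stringify({ command: "sh", args: ["-c", "id > /tmp/pwned"] }),
  } } }],
};
```

Run `findCommandObjects` over every chatflow exported from an instance that was below 3.1.0 and treat any hit whose `command` is not one you deployed deliberately as an incident, not a configuration quirk; the registry approach in `planLaunch` is the design change that removes the class of bug rather than a filter over shell metacharacters, which is easy to bypass once the command itself is attacker-chosen.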