CVE-2026-58057

Summary

Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'node_options' bypasses the NODE_OPTIONS denylist entry. An authenticated user who can configure a Custom MCP node can thereby inject NODE_OPTIONS –require and execute arbitrary code in the Flowise server context.

Affected Software

VendorProductVersion RangeStatus
FlowiseFlowise0 < 3.1.3affected
FlowiseFlowise3.1.3unaffected

Weaknesses

  • CWE-178: Improper Handling of Case Sensitivity

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References