Flowise instances before version 3.1.0 are vulnerable to an unauthenticated remote command execution flaw that allows an attacker to override configuration parameters using the FILE-STORAGE:: keyword together with a NODE_OPTIONS environment variable injection. Exploitation injects arbitrary system commands that are executed with the privileges of the containerised Flowise process, typically root. The flaw requires only a single HTTP request and no authentication, enabling a remote attacker to gain complete control of the host running the application. The associated CWE-20 indicates that insufficient input validation underlies the weakness.

The affected product is Flowise, a drag‑and‑drop interface for building large language model flows, provided by FlowiseAI. Any installation running a Flowise version earlier than 3.1.0 is susceptible, regardless of the operating system, as long as it is executed within a containerised environment. No further sub‑version or patch details are supplied.

With a CVSS score of 9.8 the risk is considered Critical. The EPSS score of less than 1% suggests exploitation is currently rare, but the lack of authentication and single‑request requirement mean that compromised or exposed instances pose a high risk. The vulnerability is not listed in the CISA KEV catalog, yet the high severity and the ability to achieve root privileges make it a top priority. Attackers can reach the target by sending a crafted HTTP request containing the overriding parameters; no additional code execution prerequisites are required beyond the standard service operation.