Description
Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'node_options' bypasses the NODE_OPTIONS denylist entry. An authenticated user who can configure a Custom MCP node can thereby inject NODE_OPTIONS --require and execute arbitrary code in the Flowise server context.
Published: 2026-06-28
Score: 2.3 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Flowise versions before 3.1.3 validate Custom MCP stdio environment variables against a denylist using a case‑sensitive comparison. On Windows, where environment names are case‑insensitive, an attacker can provide 'node_options' to bypass the NODE_OPTIONS denylist entry. An authenticated user who can configure a Custom MCP node can inject a NODE_OPTIONS value containing --require and thereby execute arbitrary JavaScript code in the Flowise server process. This vulnerability falls under CWE‑178 and allows attacker control of the server context through authority to modify node configuration.

Affected Systems

The impacted product is Flowise, with all releases prior to version 3.1.3. The issue manifests on Windows operating systems, as the environment variable names are treated case‑insensitively, creating the bypass. No other operating systems or product versions are affected according to the available data.

Risk and Exploitability

The CVSS score of 2.3 indicates a low overall severity, largely because the vulnerability requires authentication and is limited to the Flowise server environment. EPSS information is not available, and the vulnerability is not listed in the CISA KEV catalog. The most likely attack vector is an authenticated Flowise user who has permission to edit Custom MCP nodes; such a user can supply a crafted environment variable name and value to trigger arbitrary code execution.

Generated by OpenCVE AI on June 28, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Flowise to version 3.1.3 or later to receive the fix that enforces a case‑insensitive denylist comparison.
  • Restrict the ability to configure Custom MCP nodes to trusted, privileged users only, limiting who can inject environment variables.
  • If an upgrade cannot be performed immediately, disable the Custom MCP node feature or block custom environment variable configuration to eliminate the bypass vector.

Generated by OpenCVE AI on June 28, 2026 at 03:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 02:15:00 +0000

Type Values Removed Values Added
Description Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'node_options' bypasses the NODE_OPTIONS denylist entry. An authenticated user who can configure a Custom MCP node can thereby inject NODE_OPTIONS --require and execute arbitrary code in the Flowise server context.
Title Flowise - Custom MCP Environment Variable Denylist Bypass via Case Sensitivity
First Time appeared Flowiseai
Flowiseai flowise
Weaknesses CWE-178
CPEs cpe:2.3:a:flowiseai:flowise:*:*:*:*:*:*:*:*
Vendors & Products Flowiseai
Flowiseai flowise
References
Metrics cvssV3_1

{'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L'}

cvssV4_0

{'score': 2.3, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Flowiseai Flowise
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-28T01:32:58.594Z

Reserved: 2026-06-28T00:55:25.426Z

Link: CVE-2026-58057

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T03:30:05Z

Weaknesses
  • CWE-178

    Improper Handling of Case Sensitivity