Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck.
The vulnerability in question is CVE-2025-59528 (CVSS score: 10.0), a code injection vulnerability that could result in remote code execution.
"The CustomMCP node allows users to input configuration settings for connecting



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/04/flowise-ai-agent-builder-under-active.html