CVE-2026-58057

MEDIUM

Flowise - Custom MCP Environment Variable Denylist Bypass via Case Sensitivity

Title source: cna

Description

Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment variable names are case-insensitive, supplying 'node_options' bypasses the NODE_OPTIONS denylist entry. An authenticated user who can configure a Custom MCP node can thereby inject NODE_OPTIONS --require and execute arbitrary code in the Flowise server context.
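The comparison flaw described above, shown as an added example that is not Flowise's own code: an illustrative denylist (only NODE_OPTIONS is taken from this record), checked first with the exact-match pattern the advisory describes and then with a case-normalising check; the function names and the sample environment map are assumptions.

```typescript
// Added illustration of CVE-2026-58057's root cause and its fix pattern.
// Not Flowise code. The denylist is illustrative: only NODE_OPTIONS comes
// from the advisory; the project's real list is not reproduced here.
const DENIED_ENV_NAMES: readonly string[] = ["NODE_OPTIONS"];

/** Vulnerable pattern: exact, case-sensitive comparison against the list. */
function isDeniedCaseSensitive(name: string): boolean {
  return DENIED_ENV_NAMES.indexOf(name) !== -1;
}

/**
 * Hardened pattern: normalise before comparing. On Windows the environment
 * is case-insensitive, so "node_options" and "NODE_OPTIONS" address the same
 * variable; normalising on every platform keeps the rule uniform instead of
 * branching on the host OS. Surrounding whitespace is trimmed as well, since
 * a padded name is another near-miss a strict string compare would accept.
 */
function isDeniedCaseInsensitive(name: string): boolean {
  const normalised = name.trim().toUpperCase();
  return DENIED_ENV_NAMES.some((denied) => denied.toUpperCase() === normalised);
}

/**
 * Validate a user-supplied stdio environment map for a Custom MCP node.
 * Returns the keys that must be rejected; an empty array means the map is
 * acceptable under the chosen check.
 */
function rejectedEnvKeys(
  env: Record<string, string>,
  isDenied: (name: string) => boolean = isDeniedCaseInsensitive,
): string[] {
  return Object.keys(env).filter(isDenied);
}

// Constructed sample input modelled on the bypass the advisory describes:
// the denylisted name supplied in lower case, next to a harmless variable.
const sampleEnv: Record<string, string> = {
  node_options: "<attacker-controlled value>",
  PATH: "/usr/bin",
};

// Vulnerable check lets the map through; hardened check flags node_options.
console.log("case-sensitive rejects:", rejectedEnvKeys(sampleEnv, isDeniedCaseSensitive));
console.log("case-insensitive rejects:", rejectedEnvKeys(sampleEnv));
```

A denylist stays a weaker control than an allowlist of permitted variable names; normalising case only closes the specific gap this record describes.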

References (3)

Core References
Issue Tracking: Fix (PR #6471, 3.1.3)
https://github.com/FlowiseAI/Flowise/pull/6471
Third Party Advisory: VulnCheck Advisory: Flowise - Custom MCP Environment Variable Denylist Bypass via Case Sensitivity
https://www.vulncheck.com/advisories/flowise-custom-mcp-environment-variable-denylist-bypass-via-case-sensitivity

Scores

CVSS v3 5.0
EPSS 0.0024
EPSS Percentile 15.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-178
Status published
Products (2)
Flowise/Flowise < 3.1.3
Flowise/Flowise 3.1.3
Published Jun 28, 2026
Tracked Since Jun 28, 2026