Description

Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison. On Windows, where environment variable names are case-insensitive, supplying 'node_options' therefore bypasses the NODE_OPTIONS denylist entry. An authenticated user who can configure a Custom MCP node can thereby inject NODE_OPTIONS --require and execute arbitrary code in the Flowise server context.
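As an added illustration (not Flowise's code and not the fix from PR #6471), the check below shows a denylist comparison in the case-sensitive form the record describes beside a case-insensitive form that closes the gap; the denylist contents, function names and sample input are constructed for this example.

```javascript
// Hypothetical denylist of environment variable names that must never be
// user-controlled for a spawned stdio process (constructed for illustration).
const DENIED_ENV_NAMES = ["NODE_OPTIONS"];

// Vulnerable form: exact string comparison. On Windows the process environment
// is case-insensitive, so a key such as "node_options" is not matched here but
// still reaches the child process as NODE_OPTIONS.
function isDeniedCaseSensitive(name) {
  return DENIED_ENV_NAMES.includes(name);
}

// Hardened form: normalise both sides before comparing, so every casing of a
// denied name is rejected regardless of the host platform's env semantics.
function isDeniedCaseInsensitive(name) {
  const upper = String(name).toUpperCase();
  return DENIED_ENV_NAMES.some((denied) => denied.toUpperCase() === upper);
}

// Apply a predicate to a user-supplied env object and return the rejected keys.
// A caller should refuse the whole configuration if this list is non-empty.
function rejectedKeys(env, isDenied) {
  return Object.keys(env).filter((key) => isDenied(key));
}

// Constructed sample of keys a user might submit for a Custom MCP stdio node.
const sampleEnv = {
  PATH: "/usr/bin",
  node_options: "x",
  Node_Options: "x",
  NODE_OPTIONS: "x",
};

// The case-sensitive check only catches the exact-case key; the hardened check
// catches all three variants that Windows would treat as the same variable.
console.log(rejectedKeys(sampleEnv, isDeniedCaseSensitive));
console.log(rejectedKeys(sampleEnv, isDeniedCaseInsensitive));
```

Rejecting on the normalised name is the portable choice: on POSIX hosts it is only stricter than needed, while on Windows it is the behaviour the environment semantics actually require.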

PUBLISHED | Reserved 2026-06-28 | Published 2026-06-28 | Updated 2026-06-28 | Assigner VulnCheck

MEDIUM: 5.0 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
LOW: 2.3 (CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N)

Problem types

Improper Handling of Case Sensitivity

Product status

Default status: unaffected

Any version before 3.1.3: affected

3.1.3 (semver): unaffected

Credits

ashdfrkl (finder)

References

github.com/...rium/tree/main/flowise-mcp-env-case-bypass-poc (Proof of Concept) exploit third-party-advisory

github.com/FlowiseAI/Flowise/pull/6471 (Fix (PR #6471, 3.1.3)) issue-tracking

www.vulncheck.com/...le-denylist-bypass-via-case-sensitivity (VulnCheck Advisory: Flowise - Custom MCP Environment Variable Denylist Bypass via Case Sensitivity) third-party-advisory

cve.org (CVE-2026-58057)

nvd.nist.gov (CVE-2026-58057)