Enterprises using the lightweight, open-source Flowise platform to power self-hosted AI workloads now have a new near-max-severity issue to worry about. Researchers at Obsidian Security have detailed a one-click remote code execution (RCE) vulnerability affecting self-hosted Flowise deployments through its implementation of Model Context Protocol (MCP) stdio servers. The problem is essentially a sandboxing failure of attacker-controlled MCP configurations, leading to server-side code executio...

Read the original article