Back to list

FlowiseAI: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape — CVE-2026-46442

GHSA · GitHub · CVE-2026-46442

ID
CVE-2026-46442
Date
Activity
Source
GHSA
Vendor
GitHub
Threat
critical
CVSS
9.4

Summary

### Summary `POST /api/v1/node-custom-function` lacks route-level authorization, allowing any authenticated user or API key to submit arbitrary JavaScript to the `Custom JS Function` node. When `E2B_APIKEY` is not configured — the common deployment case — Flowise executes this code inside a `NodeVM` sandbox. This sandbox can be escaped, allowing an attacker to reach the host `process` object and execute system…

Product

npm: flowise

What to do

General, cautious steps (verify details in the official source):

  • Prioritize patching or mitigation immediately (treat as actively risky).
  • Identify affected product versions in your inventory and verify whether you are impacted.
  • Apply vendor patches/updates or recommended mitigations as soon as available.
  • Read the official advisory for exact affected versions and remediation steps.

Official advisory

Related advisories

GitHub GHSA 2026-W20