Vulnerabilities3 min read
Flowise One-Click RCE — Import a Chatflow, Lose Your Server
CVE-2026-40933 (CVSS 9.9) allows attackers to compromise self-hosted Flowise AI agent builders by tricking users into importing a malicious chatflow. The payload executes during import without user action.
Marcus ChenMay 31, 2026