KEV Entry
CVE-2026-46442
Known Exploited Vulnerability Entry KEVIntel
Entry Details
Confirmed Exploited2026-07-17 07:51 UTC
Timestamps
2026-07-17
2026-07-17
Scope
Flowise: Authenticated Host RCE via POST /api/v1/node-custom-function and NodeVM Sandbox Escape | Affected: FlowiseAI / Flowise | CVSS: 9.4 (CRITICAL) | EPSS: 0.0082 | Used in malware: unknown | Not yet in CISA KEV: True
References
- {'id': 'CVE-2026-46442', 'url': 'https://www.cve.org/CVERecord?id=CVE-2026-46442'}
- {'id': 'kevintel', 'url': 'https://kevintel.com/CVE-2026-46442'}
91a28016-23d4-45f5-b951-0a883f6f08ac
KEVIntel
caeb2787-0d58-4236-9039-7c86c3e566f3
2026-07-17 08:00 UTC
2026-07-17 08:00 UTC
Evidence
1| Type | Source | Signal | Confidence | Details | GCVE Metadata |
|---|---|---|---|---|---|
| public_report | kevintel | successful_exploitation | 0.70 |
View details
|
- |