Most recent sightings.

https://vulnerability.circl.lu/sightings/feed Most recent sightings. 2026-06-25T13:23:35.758795+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/f6fd408c-a0ea-4383-b928-2572362211f1/export f6fd408c-a0ea-4383-b928-2572362211f1 2026-06-25T13:23:35.775870+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "f6fd408c-a0ea-4383-b928-2572362211f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56274", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moxmasquup2a", "content": "CVE-2026-56274 - Flowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess\nCVE ID : CVE-2026-56274\n \n Published : 23 juin 2026 12:13 | 1\u00a0heure, 30\u00a0minutes ago\n \n Description : Flowise before 3.1.2 contains multiple OS co...", "creation_timestamp": "2026-06-23T14:27:06.959345Z"} 2026-06-23T14:27:06.959345+00:00 https://vulnerability.circl.lu/sighting/35a2507a-0993-4f14-91e6-47df3bbe3445/export 35a2507a-0993-4f14-91e6-47df3bbe3445 2026-06-25T13:23:35.774231+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "35a2507a-0993-4f14-91e6-47df3bbe3445", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56274", "type": "seen", "source": "https://gist.github.com/muhamedfazalps/db2c0e46436e75ee35dd214e14e27b40", "content": "# CVE-2026-56274: Critical OS Command Injection in Flowise\n\n**CVSS 9.9 (Critical) | Disclosed: June 24, 2026 | Unpatched**\n\n## Summary\nCVE-2026-56274 is an OS command injection vulnerability in FlowiseAI Flowise before version 3.1.2, specifically in the Custom MCP Server feature.\n\n## Technical Details\n- **CWE**: CWE-78 (OS Command Injection)\n- **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\n- **Attack Type**: Remote (network)\n- **Privileges Required**: Low (any authenticated user)\n- **Impact**: Complete compromise of confidentiality, integrity, and availability\n\nThe vulnerability consists of two bypasses:\n1. Incomplete command-flag validation (e.g., `docker build` not blocked, `npx --yes` not blocked)\n2. Regex bypass in local file access restrictions\n\n## Affected\n- FlowiseAI Flowise < 3.1.2\n- Note: Flowise was acquired by Workday (NASDAQ: WDAY) in August 2025\n\n## Mitigation\n- Disable Custom MCP Server feature\n- Restrict API access\n- Monitor for unusual child processes\n- Network segmentation\n\n## References\n- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-56274\n- Full Article: https://muhamedfazalps.github.io/security-alerts-june-2026/blog/cve-2026-56274-flowise-rce.html\n\n---\n*If this analysis helped you, consider supporting security research: https://buymeacoffee.com/muhamedfazalps*", "creation_timestamp": "2026-06-25T05:40:10.554880Z"} 2026-06-25T05:40:10.554880+00:00