{"vulnerability": "cve-2026-5627", "sightings": [{"uuid": "30f1cc06-2757-4504-85f5-b1bbb943addb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5627", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mivyjoek5x26", "content": "", "creation_timestamp": "2026-04-07T14:30:18.679337Z"}, {"uuid": "22eb63f0-09f9-4eda-8d82-fa9c46fa3609", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-5627", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116363900721699665", "content": "", "creation_timestamp": "2026-04-07T14:30:22.412018Z"}, {"uuid": "be9fb8f1-eee7-4116-957e-37d71e111cad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5627", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mivzdlyidt2s", "content": "", "creation_timestamp": "2026-04-07T14:44:48.210613Z"}, {"uuid": "9f45b1bf-fbbd-4327-b182-770467065ffc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5627", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3miw3ztb2m22s", "content": "", "creation_timestamp": "2026-04-07T15:33:03.185243Z"}, {"uuid": "13379a7f-ae0c-40dc-a273-ac952c9204a4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-5627", "type": "published-proof-of-concept", "source": "Telegram/OQovZCNyncHtmKsEQoVAn9WglYI3Qk-HPEu8DU-i8r2-BaQ", "content": "", "creation_timestamp": "2026-04-07T15:21:30.000000Z"}, {"uuid": "aef37621-9e13-42b5-b914-7d01593e9ae1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56276", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moqmuihsev2i", "content": "CVE-2026-56276 - Flowise - Mass Assignment in PUT /api/v1/user Allows Password Hash Override\nCVE ID : CVE-2026-56276\n \n Published : June 20, 2026, 3:24 p.m. | 4\u00a0hours, 18\u00a0minutes ago\n \n Description : Flowise before 3.1.2 contains a mass assignment vulnerability in the PUT /api...", "creation_timestamp": "2026-06-20T19:49:30.203076Z"}, {"uuid": "f6fd408c-a0ea-4383-b928-2572362211f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56274", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3moxmasquup2a", "content": "CVE-2026-56274 - Flowise - Remote Code Execution via MCP Security Bypass in validateCommandFlags and validateArgsForLocalFileAccess\nCVE ID : CVE-2026-56274\n \n Published : 23 juin 2026 12:13 | 1\u00a0heure, 30\u00a0minutes ago\n \n Description : Flowise before 3.1.2 contains multiple OS co...", "creation_timestamp": "2026-06-23T14:27:06.959345Z"}, {"uuid": "0f87b050-9e88-42d1-bf81-8420412ac44b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-56270", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mp22xcos3g2f", "content": "CVE-2026-56270 - Flowise - Unauthenticated OAuth Secrets Disclosure via /api/v1/loginmethod Endpoint\nCVE ID : CVE-2026-56270\n \n Published : June 24, 2026, 11:53 a.m. | 1\u00a0hour, 17\u00a0minutes ago\n \n Description : Flowise before 3.1.0 (versions 3.0.13 and earlier) contains a missing...", "creation_timestamp": "2026-06-24T13:55:31.485115Z"}, {"uuid": "35a2507a-0993-4f14-91e6-47df3bbe3445", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-56274", "type": "seen", "source": "https://gist.github.com/muhamedfazalps/db2c0e46436e75ee35dd214e14e27b40", "content": "# CVE-2026-56274: Critical OS Command Injection in Flowise\n\n**CVSS 9.9 (Critical) | Disclosed: June 24, 2026 | Unpatched**\n\n## Summary\nCVE-2026-56274 is an OS command injection vulnerability in FlowiseAI Flowise before version 3.1.2, specifically in the Custom MCP Server feature.\n\n## Technical Details\n- **CWE**: CWE-78 (OS Command Injection)\n- **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\n- **Attack Type**: Remote (network)\n- **Privileges Required**: Low (any authenticated user)\n- **Impact**: Complete compromise of confidentiality, integrity, and availability\n\nThe vulnerability consists of two bypasses:\n1. Incomplete command-flag validation (e.g., `docker build` not blocked, `npx --yes` not blocked)\n2. Regex bypass in local file access restrictions\n\n## Affected\n- FlowiseAI Flowise < 3.1.2\n- Note: Flowise was acquired by Workday (NASDAQ: WDAY) in August 2025\n\n## Mitigation\n- Disable Custom MCP Server feature\n- Restrict API access\n- Monitor for unusual child processes\n- Network segmentation\n\n## References\n- NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-56274\n- Full Article: https://muhamedfazalps.github.io/security-alerts-june-2026/blog/cve-2026-56274-flowise-rce.html\n\n---\n*If this analysis helped you, consider supporting security research: https://buymeacoffee.com/muhamedfazalps*", "creation_timestamp": "2026-06-25T05:40:10.554880Z"}]}