Flowise Authenticated Remote Code Execution Vulnerability via Node Custom Function API

Vulnerability

A remote code execution vulnerability has been identified in Flowise, a user interface for building large language model flows. This issue affects versions through 3.1.1. The vulnerability arises because the POST /api/v1/node-custom-function endpoint lacks proper authorization, allowing any authenticated user or API key to send arbitrary JavaScript to the Custom JS Function node. In typical deployments where E2B_APIKEY is not set, Flowise runs this code in a NodeVM sandbox, which can be escaped. This escape route enables access to the host process object, facilitating the execution of system commands through the child_process module. Consequently, this flaw results in authenticated remote code execution on the server hosting Flowise.

Impact

Exploitation of this vulnerability allows any authenticated user or API key holder to execute arbitrary commands on the Flowise server, with the same privileges as the server process. This access includes reading environment variables and secrets, manipulating files, making outbound network requests, and potentially establishing a foothold for further exploitation or lateral movement within the environment.

Reproduction

The vulnerability can be reproduced by sending a POST request to the /api/v1/node-custom-function endpoint with a valid API key or session. The request must include a payload that exploits the missing authorization and the NodeVM sandbox execution, such as a JavaScript function that escapes the sandbox and accesses the child_process module to execute commands on the server.

Remediation

Users are advised to update to Flowise version 3.1.2, where this vulnerability has been patched. Deployments should also enforce explicit permission checks on the Node Custom Function API, so that holding a valid session or API key alone does not grant access to it.
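The following is an added example, not Flowise's own code, showing the difference between the weak "any authenticated principal" check described above and an explicit, deny-by-default permission check on the node-custom-function route, plus a small access-log scan that a defender can use to find calls to that route from principals not expected to use it. The principal shape, the permission name `customFunction:execute`, the log line format and the sample data are all constructed assumptions.

```javascript
// Added example (not Flowise's code). Assumed: each request carries a
// `principal` with `authenticated` and a `permissions` array; the permission
// name `customFunction:execute` and the log format are constructed.

const CUSTOM_FUNCTION_PATH = '/api/v1/node-custom-function';
const REQUIRED_PERMISSION = 'customFunction:execute'; // assumed permission name

// Weak check: any authenticated session or API key passes. This is the
// condition the advisory describes as insufficient for this endpoint.
function weakAuthorize(principal) {
  return Boolean(principal && principal.authenticated);
}

// Hardened check: authentication AND an explicit grant for this action.
// Deny by default; a valid key with no grant gets 'missing_permission'.
function authorizeCustomFunction(principal) {
  if (!principal || !principal.authenticated) {
    return { allowed: false, reason: 'unauthenticated' };
  }
  const grants = Array.isArray(principal.permissions) ? principal.permissions : [];
  if (!grants.includes(REQUIRED_PERMISSION)) {
    return { allowed: false, reason: 'missing_permission' };
  }
  return { allowed: true, reason: 'ok' };
}

// Route handler that runs the check before the request body is touched.
// `executeCustomFunction` stands in for the node's executor (hypothetical).
function handleCustomFunctionRequest(req, executeCustomFunction) {
  const decision = authorizeCustomFunction(req.principal);
  if (!decision.allowed) {
    const status = decision.reason === 'unauthenticated' ? 401 : 403;
    return { status, body: { error: decision.reason } };
  }
  return { status: 200, body: executeCustomFunction(req.body) };
}

// Constructed sample principals for the checks above.
const SAMPLE_PRINCIPALS = {
  anonymous: null,
  viewerKey: { authenticated: true, kind: 'apikey', permissions: ['chatflows:view'] },
  adminUser: { authenticated: true, kind: 'session',
               permissions: ['chatflows:view', 'customFunction:execute'] },
};

// Detection side: scan access-log lines for POSTs to the custom-function
// route made by principals outside an allow-list. Log format is constructed.
const SAMPLE_ACCESS_LOG = [
  '2026-06-08T16:54:01Z principal=apikey:k-viewer POST /api/v1/node-custom-function 200',
  '2026-06-08T16:54:02Z principal=session:alice GET /api/v1/chatflows 200',
  '2026-06-08T16:54:03Z principal=apikey:k-viewer POST /api/v1/node-custom-function 200',
  '2026-06-08T16:55:00Z principal=session:alice POST /api/v1/node-custom-function 200',
];

function findUnexpectedCustomFunctionCalls(lines, allowedPrincipals) {
  const re = new RegExp('^(\\S+) principal=(\\S+) POST ' + CUSTOM_FUNCTION_PATH + ' (\\d{3})$');
  const findings = [];
  for (const line of lines) {
    const m = re.exec(line);
    if (!m) continue; // not a call to the route of interest
    const [, ts, principal, status] = m;
    if (!allowedPrincipals.has(principal)) {
      findings.push({ ts, principal, status: Number(status) });
    }
  }
  return findings;
}

// Stand-alone run: prints the decisions and any unexpected calls.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(handleCustomFunctionRequest({ principal: SAMPLE_PRINCIPALS.viewerKey, body: {} }, () => 'ran'));
  console.log(findUnexpectedCustomFunctionCalls(SAMPLE_ACCESS_LOG, new Set(['session:alice'])));
}
```

The point of the hardened check is that an API key that is valid for read-only use of the API (the `viewerKey` sample) is rejected with 403 for this route, whereas the weak check accepts it. The log scan is a starting point for retrospective review: every successful call to this route from a principal not expected to run custom functions merits investigation.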

Added: Jun 8, 2026, 4:54 PM
Updated: Jun 8, 2026, 4:54 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 10.0
exploitability: 5.6
remediation: 7.7
relevance: 9.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.