Tech Apr 7, 2026 6 min CVSS 10.0 RCE in Flowise CustomMCP Node Exposes 12,000+ Instances CVE-2025-59528: A Function() constructor-based arbitrary code execution vulnerability in Flowise's CustomMCP node is being actively exploited. Over 12,000 instances remain exposed on the internet. Security CVE Flowise MCP RCE
