Partial String Comparison Affecting flowise package, versions <3.1.0

flowise is a Flowiseai Server

Affected versions of this package are vulnerable to Partial String Comparison due to the replaceInputsWithConfig logic in packages/server/src/utils/index.ts. An attacker can override flow parameters by supplying a crafted override configuration in a prediction request. This lets the attacker override restricted inputs, including file-backed inputs, into the runtime flow and alter how the server processes the request.

Notes

• The RCE path in the maintainer's advisory depends on NODE_OPTIONS being accepted inside the overridden mcpServerConfig.
• The bypass only matters when API Override is enabled on a publicly reachable chatflow, because that is what allows request-supplied override JSON to reach the parameter-merging logic.

Workarounds

• Disable API Override for chatflows that do not need user-supplied configuration overrides, so attackers cannot supply crafted overrideConfig values to bypass parameter restrictions.
• Keep the chatflow private instead of making it public, so unauthenticated users cannot send the single-request payload needed to reach the override path.
• Remove or avoid Custom MCP nodes in exposed chatflows, so attackers cannot use mcpServerConfig overrides to inject NODE_OPTIONS and execute arbitrary commands.

• GitHub Commit
• Maintainer's Advisory