Max severity Flowise RCE vulnerability now exploited in attacks

Tuesday, April 7, 2026 at 05:02 PM UTC·Source: BleepingComputer

Updated: Tuesday, April 7, 2026 at 05:03 PM UTC

Executive Summary

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. [...]

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2025-59528

NVD MITRE CVE

Source Attribution

Originally published by BleepingComputer on Apr 7, 2026.

Related Threats

CRITICALVulnerabilityNEW

Anthropic Unveils ‘Claude Mythos’ — A Cybersecurity Breakthrough That Could Also Supercharge Attacks

New AI model drives Project Glasswing, a effort to secure critical software before advanced capabilities fall into the wrong hands. The post Anthropic Unveils ‘Claude Mythos’ — A Cybersecurity Breakthrough That Could Also Supercharge Attacks appeared first on SecurityWeek .

56m agoSecurityWeek

CRITICALVulnerabilityNEW

Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks

New AI model drives Project Glasswing, a effort to secure critical software before advanced capabilities fall into the wrong hands. The post Anthropic Unveils ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks appeared first on SecurityWeek .

56m agoSecurityWeek

MEDIUMVulnerability

A Little Bit Pivoting: What Web Shells are Attackers Looking for?, (Tue, Apr 7th)

Webshells remain a popular method for attackers to maintain persistence on a compromised web server. Many "arbitrary file write" and "remote code execution" vulnerabilities are used to drop small files on systems for later execution of additional payloads. The names of these files keep changing and are often chosen to "fit in" with other files. Webshells themselves are also often used by parasitic

1h agoSANS ISC