Flowise AI Agent Builder Hit by Critical Remote Code Execution Vulnerability
AI-generated from multiple sources. Verify before acting on this reporting.
LONDON (Reuters) - A critical security flaw rated CVSS 10.0 is being actively exploited in Flowise AI Agent Builder, affecting more than 12,000 instances globally. The vulnerability allows attackers to execute arbitrary code remotely, granting them full control over compromised systems.
The breach was detected on April 7, 2026, at approximately 06:04 UTC. Security researchers identified the vulnerability as a Remote Code Execution (RCE) flaw; its CVSS score of 10.0 is the highest severity rating possible under the Common Vulnerability Scoring System. The exploit is currently being weaponized in the wild, with no patch or mitigation strategy yet confirmed by the developers.
Flowise is an open-source platform designed to help users build AI agents and workflows without extensive coding knowledge. The platform has seen rapid adoption among developers and enterprises seeking to integrate artificial intelligence capabilities into their operations. The scale of the compromise suggests the vulnerability has been present for an undisclosed period before detection.
The attack vector targets the core architecture of the application, allowing unauthenticated attackers to inject malicious payloads. Once executed, the code can perform any action on the host system, including data exfiltration, ransomware deployment, or the creation of botnet nodes. The widespread nature of the compromise indicates that automated scanning tools are likely identifying vulnerable instances and exploiting them in real time.
No specific organizations have publicly confirmed they are among the affected 12,000 instances. The identity of the attackers remains unknown, as does their motivation. While some vulnerabilities are exploited for financial gain through ransomware or data theft, others may be used for espionage or infrastructure disruption.
Security experts urge administrators running Flowise instances to take immediate action. Recommended steps include isolating affected systems from the network, disabling external access, and reviewing logs for signs of compromise. Until an official patch is released, users are advised to run the software in restricted environments with limited network exposure.
The incident highlights the growing risks associated with rapidly deployed AI tools. As organizations integrate generative AI into critical workflows, the attack surface expands, creating new opportunities for malicious actors. The lack of immediate vendor response has left many administrators in a precarious position, balancing operational continuity against severe security risks.
Questions remain regarding the full extent of the damage. It is unclear whether sensitive data has been accessed or if the compromised systems are being used for further attacks. The timeline of the exploitation and the identity of the threat actors remain under investigation. As the situation develops, additional details regarding the scope and impact of the breach are expected to emerge.