OFFSITE.DARK

Jun 29, 2026


Sploitus / Exploitarium

  • flowise
  • node
  • windows
  • rce
  • exploitarium

news

Flowise 3.1.2 MCP NODE_OPTIONS Case Bypass

Custom MCP stdio blocks `NODE_OPTIONS` by exact case; Windows honors `node_options` — preload arbitrary JS in child Node process.

Summary

Flowise's custom MCP stdio node denylists `NODE_OPTIONS` by exact, case-sensitive match, but Windows environment variables are case-insensitive, so a `node_options` entry is honored by the spawned child Node process and can preload arbitrary JavaScript. This proof-of-concept is one of 30 folders in the Exploitarium collection. OFFSITE.DARK summarizes the upstream README and PoC design; we did not discover or weaponize this flaw.

Key Findings

| Finding | Detail |
| --- | --- |
| Product / target | Flowise 3.1.2 / flowise-components 3.1.2 (Windows) |
| Primitive | Case-sensitive env denylist vs case-insensitive Windows env slot |
| Impact | Authenticated Flowise user with MCP config access → code execution in worker context. |

Attack Chain

Set `node_options=--require loader` in the MCP env → spawn Node child → marker file / RCE

Mitigation

Normalize env keys to uppercase before applying the denylist; restrict MCP configuration to admins.
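To make the primitive and the fix concrete, here is an added example (not Flowise's code and not the Exploitarium PoC) showing the exact-case denylist pattern the page describes beside a hardened version that compares on the uppercased key. The denylist contents and the sample MCP env block are constructed for illustration; `nodeOptionsReachesChild` models the page's claim that Windows resolves env names case-insensitively while other platforms do not.

```javascript
// Added example, not from the original page: a case-sensitive env denylist
// (the vulnerable pattern) beside a key-normalizing one (the mitigation).
// The denylist below is an assumption for illustration, not Flowise's list.
const BLOCKED_ENV_KEYS = new Set(['NODE_OPTIONS']);

// Vulnerable pattern: exact-case comparison. On Windows the child process
// environment is case-insensitive, so a `node_options` key passes the check
// and is still read by Node as NODE_OPTIONS.
function filterEnvExactCase(env) {
  const out = {};
  for (const [key, value] of Object.entries(env)) {
    if (BLOCKED_ENV_KEYS.has(key)) continue;
    out[key] = value;
  }
  return out;
}

// Hardened pattern: normalize the key to uppercase before the denylist
// lookup, so every case variant of a blocked name is rejected on any OS.
function filterEnvNormalized(env) {
  const out = {};
  for (const [key, value] of Object.entries(env)) {
    if (BLOCKED_ENV_KEYS.has(key.toUpperCase())) continue;
    out[key] = value;
  }
  return out;
}

// Models whether a filtered env would still deliver NODE_OPTIONS to a child
// Node process: on win32 any case variant counts, elsewhere only exact case.
function nodeOptionsReachesChild(env, platform = process.platform) {
  const keys = Object.keys(env);
  if (platform === 'win32') {
    return keys.some((k) => k.toUpperCase() === 'NODE_OPTIONS');
  }
  return keys.includes('NODE_OPTIONS');
}

// Constructed sample of a user-supplied MCP env block mirroring the page's
// attack chain (lowercase key); the loader path is a placeholder.
const SAMPLE_MCP_ENV = {
  PATH: 'C:\\Windows\\System32',
  node_options: '--require ./loader.js',
};

// Runs both filters over the sample and reports whether the preload survives.
function demo() {
  const exact = filterEnvExactCase(SAMPLE_MCP_ENV);
  const normalized = filterEnvNormalized(SAMPLE_MCP_ENV);
  return {
    exactLeaksOnWindows: nodeOptionsReachesChild(exact, 'win32'),
    exactLeaksOnLinux: nodeOptionsReachesChild(exact, 'linux'),
    normalizedLeaksOnWindows: nodeOptionsReachesChild(normalized, 'win32'),
    normalizedKeepsPath: 'PATH' in normalized,
  };
}

console.log(demo());
```

The exact-case filter returns the lowercase entry untouched, which is harmless on Linux but equivalent to `NODE_OPTIONS` on Windows; the normalized filter drops it while leaving unrelated keys such as `PATH` intact. A further defense the page names, restricting MCP configuration to admins, limits who can supply the env block in the first place.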
