CVE-2024-58351: Flowise - Remote Code Execution via overrideConfig Parameter
Flowise before 2.1.4 allows configuration to be injected into the Chainflow during execution via the overrideConfig option, supported in both the frontend web integration and the backend Prediction API. Because this feature is enabled by default with no allow-list of permitted variables and relies on vm2 for sandboxing, an attacker can abuse it to achieve remote code execution and sandbox escape, denial of service by crashing the server, server-side request forgery, prompt injection, and server variable and data exfiltration. These issues are self-targeted and do not persist to other users.
Security readout for executives and security teams
Plain-English summary
Flowise versions before 2.1.4 can let an attacker inject configuration during chatflow execution. The reported impact includes remote code execution, server crashes, SSRF, prompt injection, and data or server-variable exposure. This is business-critical for exposed Flowise deployments, but sources do not report active exploitation.
Executive priority
Treat as urgent for any exposed Flowise deployment. The vulnerability has unauthenticated remote code execution potential and high confidentiality, integrity, and availability impact. Prioritize inventory and upgrade, then review logs for signs of misuse.
Technical view
The issue is in the default-enabled overrideConfig option in frontend web integration and backend Prediction API. Without an allow-list and relying on vm2 sandboxing, injected configuration can lead to sandbox escape and code execution. CVSS is 9.8, network exploitable, low complexity, no privileges, no user interaction.
Likely exposure
Flowise deployments before 2.1.4 are the relevant exposure, especially internet-accessible instances using web integrations or the Prediction API. Environments not running Flowise, or running 2.1.4 or later, are not indicated as affected by the provided sources.
Exploitation context
The CVE record marks this as critical and not in CISA KEV. The provided sources do not state active exploitation. Reported effects are self-targeted and do not persist to other users, but compromise of the affected server can still be severe.
Researcher notes
Focus assessment on overrideConfig exposure in Flowise before 2.1.4. Avoid assuming exploitation in the wild; sources do not support that. The advisory notes multiple impacts from the same default-enabled configuration path, including sandbox escape and exfiltration risks.
Mitigation direction
Identify all Flowise deployments and versions.
Upgrade vulnerable Flowise instances to 2.1.4 or later, per vendor guidance.
Review vendor advisory for any configuration-specific recommendations.
Restrict network access to Flowise interfaces where exposure is not required.
Monitor for unusual server crashes, outbound requests, or data access patterns.
Validation and detection
Confirm whether Flowise is deployed in the environment.
Verify each instance version is 2.1.4 or later.
Check whether web integration or Prediction API endpoints are exposed.
Review logs for abnormal prediction requests or unexpected outbound connections.
Document any compensating access controls around exposed Flowise services.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cwe · medium confidence lookup
CWE-94: Code execution behavior lookup
Code execution and unsafe deserialization weaknesses often justify reviewing execution behavior and process telemetry. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
The CVE wording references privilege impact, so privilege escalation and authorization behavior review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
The CVE wording references SSRF or metadata access, so cloud discovery and credential material review may help. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
2CVSS vectors
3Timeline events
0ADP providers
3Source links
CVSS vector scores
2 official scores
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
CWE-94 · source CWE mapping
Improper Control of Generation of Code ('Code Injection')
Improper Control of Generation of Code ('Code Injection') represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.