> TritonInfoSec News
Home / Apr 08, 2026 / Story
0
#5 BleepingComputer general April 07, 2026 at 17:02 UTC

Max severity Flowise RCE vulnerability now exploited in attacks

By Bill Toulas

AI Summary

Hackers are actively exploiting CVE-2025-59528, a maximum-severity vulnerability in the Flowise AI platform that allows remote code execution through improper validation of user-supplied JavaScript. Over 12,000 Flowise instances are exposed to the internet, with VulnCheck confirming active exploitation of the CVSS 10.0 flaw.

Read full article → https://www.bleepingcomputer.com/news/security/max…

Relevance score: 88.0/100

# More from April 08

  1. 1
    Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs The Hacker News
  2. 2
    Russia Hacked Routers to Steal Microsoft Office Tokens Krebs on Security
  3. 3
    Feds quash widespread Russia-backed espionage network spanning 18,000 devices CyberScoop
  4. 4
    FBI: Americans lost a record $21 billion to cybercrime last year BleepingComputer
  5. 6
    Docker CVE-2026-34040 Lets Attackers Bypass Authorization and Gain Host Access The Hacker News
  6. 7
    Hackers exploit critical flaw in Ninja Forms WordPress plugin BleepingComputer
  7. 8
    Storm-1175 Deploys Medusa Ransomware at 'High Velocity' Dark Reading
  8. 9
    Snowflake customers hit in data theft attacks after SaaS integrator breach BleepingComputer
  9. 10
    Fortinet Issues Emergency Patch for FortiClient Zero-Day Dark Reading