Threat actors have found a way to inject arbitrary JavaScript into the Flowise low-code platform for building custom LLM and agentic systems. The code injection was possible due to a design oversight, rated at max-severity, in the platform’s custom MCP node, which acts as a plug-in connector for an application’s AI agent to talk to external tools via MCP servers. According to a recent VulnCheck alert, hackers have already started exploiting the flaw to insert malicious JavaScript code, with analysis showing close to 15000 Flowise instances exposed on the public internet. The flaw was patched in the AI development platform’s version 3.0.6, the latest rollout being v 3.1.1, released last month...