Skip to content

Bugfix/Custom MCP Security#4963

Merged
HenryHengZJ merged 3 commits intomainfrom
bugfix/Custom-MCP-Security-Check
Jul 30, 2025
Merged

Bugfix/Custom MCP Security#4963
HenryHengZJ merged 3 commits intomainfrom
bugfix/Custom-MCP-Security-Check

Conversation

@HenryHengZJ
Copy link
Copy Markdown
Contributor

@HenryHengZJ HenryHengZJ commented Jul 28, 2025

  • Implemented a validation function to check for banned commands and dangerous patterns.
  • Added checks for potential shell injection attempts in command and arguments.
  • Security validation is conditionally enabled based on environment variable CUSTOM_MCP_SECURITY_CHECK.

@HenryHengZJ
- Implemented a validation function to check for banned commands and …
8e7a3a8 
…dangerous patterns.

- Added checks for potential shell injection attempts in command and arguments.
- Security validation is conditionally enabled based on environment variable CUSTOM_MCP_SECURITY_CHECK.
@HenryHengZJ
Enhance security by implementing command and argument validation in S…
ca38189 
…upergatewayMCP. Added checks for banned commands, dangerous patterns, and potential shell injection attempts. Security validation is conditionally enabled based on the CUSTOM_MCP_SECURITY_CHECK environment variable.
@HenryHengZJ
add validateMCPServerSecurity
6669c8f
@HenryHengZJ HenryHengZJ merged commit e8dac20 into main Jul 30, 2025
2 checks passed
@aiac
Copy link
Copy Markdown

aiac commented Aug 14, 2025

Does it solve https://nvd.nist.gov/vuln/detail/CVE-2025-8943?

@Frentzen
Copy link
Copy Markdown

Frentzen commented Aug 17, 2025
edited
Loading

Hi team,

After analyzing the stable version (main branch), I noticed that the security function introduced through the PR to mitigate the vulnerability, validateMCPServerSecurity, is no longer present in the current release.

Instead, a new function called validateArgsForLocalFileAccess has been introduced, but it does not provide proper validation against remote code execution (RCE).

When testing the latest version against the available exploits (using Docker Compose to deploy a local instance), it appears that the application remains vulnerable to the same CVE.

image image

Are you planning to release a new patch for this vulnerability, or is this the intended behavior?

For context, I enabled the CUSTOM_MCP_SECURITY_CHECK flag during my analysis.

image

Edit: I think I found the PR that removed the security checks: https://github.com/FlowiseAI/Flowise/pull/5003/commits

@HenryHengZJ
Copy link
Copy Markdown
Contributor Author

HenryHengZJ commented Sep 18, 2025

This PR #5232 will enable security check by default, and here's the recommended settings when deployed on cloud in production:

# Enable security validation (default)
CUSTOM_MCP_SECURITY_CHECK=true

# Use SSE protocol for better security
CUSTOM_MCP_PROTOCOL=sse

@claude claude bot mentioned this pull request Dec 20, 2025
Merged
@github-actions github-actions bot mentioned this pull request Jan 5, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@HenryHengZJ @aiac @Frentzen