Public exploit code now targets a critical remote code execution flaw in Flowise. The one-click attack works through malicious chatflow imports on self-hosted instances. Teams running AI workflow tools face immediate exposure. A separate critical Gogs RCE from recent weekend reports adds pressure on self-hosted Git deployments.

Obsidian Security published the PoC this week for CVE-2026-40933. The bug carries a CVSS score of 9.9. It stems from unsafe serialization of stdio commands in the MCP adapter. Any user who can create or edit chatflows can embed a malicious Custom MCP Tool configuration. Importing the crafted JSON triggers command execution on the server during canvas rendering. No save or run step is required. The payload runs with the privileges of the Flowise process, often root inside containers.

Flowise reached over 52,000 GitHub stars as an open-source platform for LLM workflows and AI agents. The vulnerability affects versions before 3.1.0.…
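
Because the import itself is the trigger, chatflow JSON from outside the team is worth inspecting before it reaches the canvas. The following is an added example, not code from Obsidian Security or the Flowise project: it scans an export for embedded stdio command definitions, including ones stored as JSON-encoded strings. The `command`/`args` object shape and the sample export are assumptions, since the page does not give Flowise's node schema.

```javascript
// Added example: pre-import triage for chatflow JSON exports.
// Assumption: a stdio MCP server definition is an object with a string
// "command" key and an optional "args" array; the walk is schema-agnostic.

// Walk a parsed JSON value. Strings that themselves hold JSON are parsed
// and walked too, since tool configs may be stored as encoded strings.
function findStdioCommands(value, path = "$", hits = [], depth = 0) {
  if (depth > 64) return hits; // bound recursion on hostile nesting
  if (typeof value === "string") {
    const t = value.trim();
    if (t.startsWith("{") || t.startsWith("[")) {
      try {
        findStdioCommands(JSON.parse(t), path + "<json>", hits, depth + 1);
      } catch (_) { /* not JSON: nothing to inspect */ }
    }
    return hits;
  }
  if (Array.isArray(value)) {
    value.forEach((v, i) => findStdioCommands(v, `${path}[${i}]`, hits, depth + 1));
    return hits;
  }
  if (value && typeof value === "object") {
    if (typeof value.command === "string") {
      hits.push({ path, command: value.command,
                  args: Array.isArray(value.args) ? value.args : [] });
    }
    for (const [k, v] of Object.entries(value)) {
      findStdioCommands(v, `${path}.${k}`, hits, depth + 1);
    }
  }
  return hits;
}

// ok === false means: hold the file for manual review, do not import.
function triageChatflow(jsonText) {
  let doc;
  try { doc = JSON.parse(jsonText); }
  catch (_) { return { ok: false, hits: [], error: "unparseable JSON" }; }
  const hits = findStdioCommands(doc);
  return { ok: hits.length === 0, hits };
}

// Constructed sample (not a real export; all names are placeholders).
const SAMPLE = JSON.stringify({ nodes: [
  { id: "n1", data: { inputs: { prompt: "hello" } } },
  { id: "n2", data: { inputs: {
    config: JSON.stringify({ command: "placeholder-binary", args: ["--flag"] }) } } },
] });
console.log(JSON.stringify(triageChatflow(SAMPLE), null, 2));
```

A hit marks a file for review rather than proving malice, since legitimate chatflows can also define MCP tools.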