A critical remote code execution (RCE) vulnerability has been disclosed in self-hosted Flowise servers. An attacker who deceives a user into importing a malicious chatflow can execute arbitrary code on the server. The exploit is one-click: importing the crafted chatflow is enough to trigger it, and it gives the attacker unrestricted access to the server and puts the sensitive data it holds at risk. Exploit code has been published, which increases the likelihood of attacks, since malicious actors can now use it to target vulnerable Flowise servers [1]. The vulnerability underscores the importance of verifying the integrity of imported chatflows and of implementing robust security measures to prevent such exploits. Its potential consequences make it a pressing concern for administrators and security practitioners responsible for securing self-hosted Flowise servers.