Three chained CVEs affect Flowise versions prior to 3.0.6: CVE-2025-59528 (CVSS 9.5, primary), CVE-2025-8943, and CVE-2025-26319. Together they enable unauthenticated remote code execution via the Custom MCP Node functionality. The EPSS score of 0.8239 places exploitation probability at the 99.2nd percentile, and first exploitation was confirmed on April 7, 2026. Between 12,000 and 15,000 internet-exposed instances are estimated to remain unpatched. This is not yet listed in CISA KEV, but active exploitation is confirmed and the EPSS score warrants equivalent urgency. All Flowise instances should be upgraded to version 3.0.6 immediately, and internet-exposed instances without WAF or authentication controls should be taken offline until patched.