CRITICAL 3 min read 11 Apr 2026

Flowise AI Agent Builder Exploited in the Wild; Anodot Breach Triggers Snowflake Token Theft

Active exploitation of a 10.0 RCE in Flowise AI Agent Builder marks a critical escalation in AI-native threats. Simultaneously, a supply-chain breach at Anodot has compromised Snowflake authentication tokens, forcing global connector shutdowns and impacting enterprise data estates.

Key findings
01
Flowise AI Agent Builder RCE Under Active Exploitation (CVE-2025-59528)
CRITICAL
[High] Confidence: High A critical vulnerability in the Flowise AI Agent Builder, tracked as CVE-2025-59528 (CVSS 10.0), is now being actively exploited in the wild. The flaw resides in the CustomMCP node, allowing unauthenticated attackers to execute arbitrary code on exposed servers.
CVE-2025-59528
02
Anodot SaaS Breach Impacts Snowflake and Cloud Data Stores
HIGH
[High] Confidence: High A significant supply-chain compromise at SaaS integrator Anodot has matured into a major data security incident. Attackers, recently identified as ShinyHunters, utilised stolen authentication tokens to access the Snowflake environments of Anodot’s customers.
03
Major UK Supply-Chain Victims: Adaptavist and Aculab
HIGH
[High] Confidence: High The Gentlemen ransomware group has listed Adaptavist Group LTD, a major UK-based enterprise DevOps and Atlassian consultancy, as a victim.
04
AI Framework Exposure: lollms XSS and PraisonAI Reasoning Leakage
HIGH
[High] Confidence: High The AI-native risk stack continues to expand with the discovery of a stored XSS vulnerability in parisneo/lollms (CVE-2026-1115). Additionally, PraisonAI has been found to expose unauthenticated reasoning traces and activity event streams via its websocket interface (CVE-2026-34952).
CVE-2026-1115
05
Update: Axios npm Compromise Formally Tracked (CVE-2026-40175)
CRITICAL
[High] Confidence: High The previously reported compromise of the Axios npm package is now formally tracked as CVE-2026-40175 with a CVSS score of 10.0. This formalisation confirms the operational severity of the account-hijack window and the necessity of verifying all Node.js dependencies.
CVE-2026-40175
06
Update: Smart Slider 3 Pro Confirmed as Full RAT/Backdoor
HIGH
[High] Confidence: High Malware analysis has confirmed that the Smart Slider 3 Pro malicious update functions as a full Remote Access Trojan (RAT). It creates rogue administrator accounts and establishes persistent hooks within affected WordPress and Joomla estates.
07
Update: Totolink A7100RU Cluster Expands (CVE-2026-6029)
HIGH
[High] Confidence: High The critical RCE cluster for Totolink A7100RU routers has expanded with the discovery of CVE-2026-6029. This new vulnerability allows for unauthenticated OS command injection via VPN account configuration, increasing the exploit surface for edge devices.
CVE-2026-6029

Flowise AI Agent Builder Exploited in the Wild; Anodot Breach Triggers Snowflake Token Theft

Flowise AI Agent Builder RCE Under Active Exploitation (CVE-2025-59528)

Confidence: High

A critical vulnerability in the Flowise AI Agent Builder, tracked as CVE-2025-59528 (CVSS 10.0), is now being actively exploited in the wild. The flaw resides in the CustomMCP node, allowing unauthenticated attackers to execute arbitrary code on exposed servers. Intelligence sweeps indicate that over 12,000 instances are potentially exposed globally.

Given the agentic nature of Flowise, compromised servers provide attackers with direct access to integrated LLM keys, internal tool arguments, and sensitive orchestration workflows. Organisations using Flowise must update to version 3.0.6 or later immediately to mitigate this risk.

Anodot SaaS Breach Impacts Snowflake and Cloud Data Stores

Confidence: High

A significant supply-chain compromise at SaaS integrator Anodot has matured into a major data security incident. Attackers, recently identified as ShinyHunters, utilised stolen authentication tokens to access the Snowflake environments of Anodot’s customers. In response, Anodot has disabled all Snowflake, Amazon S3, and Kinesis connectors globally.

This incident highlights the persistent risk of 'standing access' in SaaS-to-SaaS integrations. Evidence suggests that long-lived authentication tokens were the primary vector, allowing attackers to bypass traditional perimeter defences and move laterally into sensitive analytics estates.

Major UK Supply-Chain Victims: Adaptavist and Aculab

Confidence: High

The Gentlemen ransomware group has listed Adaptavist Group LTD, a major UK-based enterprise DevOps and Atlassian consultancy, as a victim. Separately, the cloud communications provider Aculab has been targeted by the BravoX group, which claims to have exfiltrated approximately 1TB of data. These incidents represent a targeted effort against high-leverage UK managed-service providers, potentially exposing downstream client credentials and communication metadata.

AI Framework Exposure: lollms XSS and PraisonAI Reasoning Leakage

Confidence: High

The AI-native risk stack continues to expand with the discovery of a stored XSS vulnerability in parisneo/lollms (CVE-2026-1115). Additionally, PraisonAI has been found to expose unauthenticated reasoning traces and activity event streams via its websocket interface (CVE-2026-34952). These findings suggest that 'internal thinking' and agent telemetry are becoming primary targets for data exfiltration in AI environments.

Update: Axios npm Compromise Formally Tracked (CVE-2026-40175)

Confidence: High

The previously reported compromise of the Axios npm package is now formally tracked as CVE-2026-40175 with a CVSS score of 10.0. This formalisation confirms the operational severity of the account-hijack window and the necessity of verifying all Node.js dependencies.

Update: Smart Slider 3 Pro Confirmed as Full RAT/Backdoor

Confidence: High

Malware analysis has confirmed that the Smart Slider 3 Pro malicious update functions as a full Remote Access Trojan (RAT). It creates rogue administrator accounts and establishes persistent hooks within affected WordPress and Joomla estates.

Update: Totolink A7100RU Cluster Expands (CVE-2026-6029)

Confidence: High

The critical RCE cluster for Totolink A7100RU routers has expanded with the discovery of CVE-2026-6029. This new vulnerability allows for unauthenticated OS command injection via VPN account configuration, increasing the exploit surface for edge devices.

Why This Matters

The shift towards exploiting AI orchestration frameworks (Flowise, lollms, PraisonAI) signals a new frontier in the threat landscape where the logic and telemetry of autonomous agents are as vulnerable as the underlying code. Combined with the Anodot supply-chain breach, it is clear that trusted third-party integrations remain the most effective path for bypassing enterprise security controls.

  • Recommended Actions
  • Immediate Patching: Update Flowise to v3.0.6+ and review PraisonAI authentication settings to prevent reasoning leakage.
  • Credential Audit: Review and rotate all long-lived tokens used in SaaS integrations, particularly those connecting to Snowflake or cloud storage.
  • Supply-Chain Verification: Audit Node.js environments for the compromised Axios window (CVE-2026-40175) and verify Smart Slider 3 Pro installations for rogue admin accounts.
  • Edge Security: Prioritise the decommissioning or patching of Totolink A7100RU routers in remote-work and SME environments.

All findings grounded in A13E intelligence sweeps through 04:30 UTC 11 April 2026.

ai-securityanodotcve-2025-59528cve-2026-1115cve-2026-40175cve-2026-6029flowisesnowflakesupplychain

Act on this brief

Map detection coverage gaps for the techniques above, or generate Sigma rules from the named CVEs.

Try DCV Try CloudSigma ← Back to feed