From 55c99c2581bb0b84d29516526bc112b27b281164 Mon Sep 17 00:00:00 2001
From: christopherholland-workday
Date: Thu, 22 Jan 2026 14:52:26 -0800
Subject: [PATCH 1/3] Fix Paramater Override Bypass
---
 packages/components/nodes/tools/MCP/core.ts | 2 +-
 packages/server/src/utils/index.ts | 5 +----
 2 files changed, 2 insertions(+), 5 deletions(-)
diff --git a/packages/components/nodes/tools/MCP/core.ts b/packages/components/nodes/tools/MCP/core.ts
index 36a26608909..6b6c447292b 100644
--- a/packages/components/nodes/tools/MCP/core.ts
+++ b/packages/components/nodes/tools/MCP/core.ts
@@ -246,7 +246,7 @@ export const validateCommandInjection = (args: string[]): void => {
 }
 export const validateEnvironmentVariables = (env: Record): void => {
- const dangerousEnvVars = ['PATH', 'LD_LIBRARY_PATH', 'DYLD_LIBRARY_PATH']
+ const dangerousEnvVars = ['PATH', 'LD_LIBRARY_PATH', 'DYLD_LIBRARY_PATH', 'NODE_OPTIONS']
 for (const [key, value] of Object.entries(env)) {
 if (dangerousEnvVars.includes(key)) {
diff --git a/packages/server/src/utils/index.ts b/packages/server/src/utils/index.ts
index f0b1b35df08..f8b228e0c08 100644
--- a/packages/server/src/utils/index.ts
+++ b/packages/server/src/utils/index.ts
@@ -1189,10 +1189,7 @@ export const replaceInputsWithConfig = (
 continue
 }
 } else {
- // Skip if it is an override "files" input, such as pdfFile, txtFile, etc
- if (typeof overrideConfig[config] === 'string' && overrideConfig[config].includes('FILE-STORAGE::')) {
- // pass
- } else if (!isParameterEnabled(flowNodeData.label, config)) {
+ if (!isParameterEnabled(flowNodeData.label, config)) {
 // Only proceed if the parameter is enabled
 continue
 }
From 46a6acda0a80387a2e6d36bfc8e08076ef4f268e Mon Sep 17 00:00:00 2001
From: Henry Heng
Date: Fri, 6 Feb 2026 13:57:39 +0800
Subject: [PATCH 2/3] Update OverrideConfig.jsx
---
 packages/ui/src/ui-component/extended/OverrideConfig.jsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
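Review bot: The `dangerousEnvVars.includes(key)` check in `validateEnvironmentVariables` (packages/components/nodes/tools/MCP/core.ts) is an exact, case-sensitive match against a denylist, so adding `NODE_OPTIONS` still leaves the gap open for every loader- or runtime-affecting variable not on the list, and for differently-cased names on platforms where environment names are case-insensitive. Consider comparing a normalised key, `if (dangerousEnvVars.includes(key.toUpperCase())) {`, and extending the list with at least `LD_PRELOAD`, `DYLD_INSERT_LIBRARIES` and `NODE_PATH`. An allowlist of the variables an MCP server process may receive would be more robust than growing this list one report at a time. The loop body continues outside the hunk, so any further checks there are not visible here.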
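Review bot: The `else` branch of `replaceInputsWithConfig` (packages/server/src/utils/index.ts) now has no comment explaining why file-style overrides get no exemption, and nothing in this patch adds a test that pins the new behaviour. The removed branch skipped `isParameterEnabled` whenever the override value was a string containing `FILE-STORAGE::`, and that value comes from the caller; a comment such as `// No exemption for 'FILE-STORAGE::' values: the override value is caller-controlled and must not decide whether this check runs` would keep the shortcut from being reintroduced. A regression test that submits a disabled parameter with a `FILE-STORAGE::`-prefixed string and expects it to be ignored would cover it. Flows that relied on overriding `pdfFile`/`txtFile`-style inputs presumably now need those parameters enabled explicitly, which is worth stating in the release notes. The function starts and ends outside the hunk.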
diff --git a/packages/ui/src/ui-component/extended/OverrideConfig.jsx b/packages/ui/src/ui-component/extended/OverrideConfig.jsx index df1e8732ef7..32397b4b973 100644 --- a/packages/ui/src/ui-component/extended/OverrideConfig.jsx +++ b/packages/ui/src/ui-component/extended/OverrideConfig.jsx @@ -365,7 +365,7 @@ const OverrideConfig = ({ dialogProps }) => { documentation for more information.' + 'Enable or disable which properties of the flow configuration can be overridden. Refer to the documentation for more information.' } /> From 23dd898ab63d1a3d0475c500d80a912dc29ae0f7 Mon Sep 17 00:00:00 2001 From: Henry Heng Date: Fri, 6 Feb 2026 13:58:34 +0800 Subject: [PATCH 3/3] Update VectorStoreDialog.jsx --- packages/ui/src/views/vectorstore/VectorStoreDialog.jsx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/ui/src/views/vectorstore/VectorStoreDialog.jsx b/packages/ui/src/views/vectorstore/VectorStoreDialog.jsx index 658db8c2c29..83277ac5002 100644 --- a/packages/ui/src/views/vectorstore/VectorStoreDialog.jsx +++ b/packages/ui/src/views/vectorstore/VectorStoreDialog.jsx @@ -578,7 +578,7 @@ formData.append("openAIApiKey[openAIEmbeddings_0]", "sk-my-openai-2nd-key")` here {' '}