CVE-2026-41264
Published: 2026-04-23
Priority: P266 · Severity: critical · CVSS 3.1 base score: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.53% (40.7th percentile)
Flowise is a drag-and-drop user interface for building customized large language model flows. Prior to 3.1.0, the specific flaw exists within the run method of the CSV_Agents class. The issue results from the lack of proper sandboxing when evaluating an LLM-generated Python script. An attacker can leverage this vulnerability to execute code in the context of the user running the server. Using prompt injection techniques, an unauthenticated attacker with the ability to send prompts to a chatflow using the CSV Agent node may convince the LLM to respond with a malicious Python script that executes attacker-controlled commands on the Flowise server. This vulnerability is fixed in 3.1.0.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| flowiseai | flowise | < 3.1.0 | 3.1.0 |
| flowiseai | flowise | >= 0 < 3.1.0 | 3.1.0 |
CVSS provenance
- NVD, CVSS v3.1: 9.8 CRITICAL, vector `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
- NVD, CVSS v4.0: 9.2 CRITICAL, vector `CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X`
VulDB (2026-04-23, CVSS 9.2, critical)
FlowiseAI Flowise up to 3.0.x CSV_Agents incomplete blacklist (GHSA-3hjv-c53m-58jj)
A vulnerability, which was classified as critical, has been found in FlowiseAI Flowise up to 3.0.x. This affects the function CSV_Agents. The manipulation leads to an incomplete blacklist.
This vulnerability is listed as CVE-2026-41264. The attack may be initiated remotely. There is no available exploit.
It is advisable to upgrade the affected component.
GHSA (2026-04-21, CRITICAL, CWE-184)
Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability
## Abstract
Trend Micro's Zero Day Initiative has identified a vulnerability affecting FlowiseAI Flowise.
## Vulnerability Details
- **Version tested:** 3.0.13
- **Installer file:** https://github.com/FlowiseAI/Flowise
- **Platform tested:** Ubuntu 25.10
## Analysis
This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the `run` method of the `CSV_Agents` class. The issue results from the lack of proper sandboxing when evaluating an LLM-generated Python script. An attacker can leverage this vulnerability to execute code in the context of the user running the
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.