CVE-2026-41264 · CRITICAL 9.8 · EPSS p40.5%

Description

Flowise is a drag-and-drop user interface for building customized large language model flows. Prior to 3.1.0, the specific flaw exists within the run method of the CSV_Agents class. The issue results from the lack of proper sandboxing when evaluating an LLM-generated Python script. An attacker can leverage this vulnerability to execute code in the context of the user running the server. Using prompt injection techniques, an unauthenticated attacker with the ability to send prompts to a chatflow that uses the CSV Agent node may convince the LLM to respond with a malicious Python script that executes attacker-controlled commands on the Flowise server. This vulnerability is fixed in 3.1.0.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.53% probability of exploitation · percentile 40.5% · 2026-06-19T12:03:05Z
Published: 2026-04-23
Last modified: 2026-04-24

Underlying weaknesses · 1

CWE-184

References

  1. https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3hjv-c53m-58jj


Type      Target                                           Confidence  Tier
Weakness  Incomplete List of Disallowed Inputs (CWE-184)   0%          live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE: CVE-2026-41137
CVE: CVE-2026-41265
CVE: CVE-2026-41138
CVE: CVE-2026-46442
CVE: CVE-2026-31829
CVE: CVE-2026-41270
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.