CVE-2026-56767

Maxun before 0.0.42 contains a cross-tenant insecure direct object reference vulnerability in storage and webhook API handlers that allows authenticated users to access other users' robots and OAuth tokens. Attackers can read plaintext Google and Airtable access tokens, modify, delete, or execute...

CVE-2026-56767

Maxun before version 0.0.42 is affected by a cross-tenant insecure direct object reference in storage and webhook API handlers. Authenticated users can bypass ownership checks to read other users’ robots and OAuth tokens, including plaintext Google and Airtable tokens, and can modify, delete, or ...

CVE-2026-41265

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt...

FlowiseAI Flowise Airtable_Agent Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Flowise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper validation...

CVE-2026-41265

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt...

CVE-2026-41265 Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt...

CVE-2026-41265

CVE-2026-41265 affects Flowise with the Airtable_Agents class, where the run method evaluates an LLM-generated Python script without proper sandboxing. This allows prompt-injection via chatflows to coax the LLM into returning a malicious Python script that executes attacker-controlled commands on...

CVE-2026-41265 Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt...

CVE-2026-41265

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt...

EUVD-2026-25294

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the AirtableAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. Using prompt...

CVE-2026-41138

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within...

CVE-2026-41138

Summary (CVE-2026-41138): Flowise Flowise 3.x contains a remote code execution vulnerability in the Airtable_Agent path (AirtableAgent.ts) due to lack of input verification when using Pandas. User input is injected into the prompt’s question parameter and reflected into Python code without saniti...

EUVD-2026-25278

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within...

Flowise 命令注入漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior to Flowise 3.1.0, there was a command injection vulnerability in versions of the tool. This vulnerability stemmed from the lack of proper sandboxing mechanisms in the run method of the...

Flowise 代码注入漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise 3.1.0 contained a code injection vulnerability, which was caused by a lack of input validation in the AirtableAgent.ts file. This vulnerability could lead to remote code...

PT-2026-34730

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within...

Incomplete List of Disallowed Inputs

Overview flowise is a Flowiseai Server Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute arbitrary code on the...

Incomplete List of Disallowed Inputs

Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the run method of the AirtableAgents class, which evaluates LLM-generated Python scripts in a non-sandboxed environment. An attacker can execute...

Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability

ZDI-CAN-29412: FlowiseAI Flowise AirtableAgent Code Injection Remote Code Execution Vulnerability Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products: Flowise - Flowise -- VULNERABILITY DETAILS ------------------------ Version tested: 3.0.13 Installer...

GHSA-V38X-C887-992F Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability

ZDI-CAN-29412: FlowiseAI Flowise AirtableAgent Code Injection Remote Code Execution Vulnerability Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products: Flowise - Flowise -- VULNERABILITY DETAILS ------------------------ Version tested: 3.0.13 Installer...