2 matches found
CVE-2026-41137
Flowise CVE-2026-41137 affects the Flowise UI stack, specifically the CSVAgent component, which allows providing a custom Pandas CSV read code. The lack of sanitization enables a command-injection payload to be interpolated and executed by the server. This is documented across multiple sources, w...
PT-2026-34729
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description The CSVAgent allows the provision of custom Pandas CSV read code. Due to a lack of sanitization, an attacker can provide a command injection payload that is interpolated and executed by the server...