Lucene search
K

6 matches found

Metasploit
Metasploit
added 2026/07/01 7:4 p.m.98 views

Flowise CSV Agent Prompt Injection RCE

This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run method of the CSVAgents class. The issue results from the lack of proper...

9.8CVSS6.4AI score0.01028EPSS
Exploits3
Vulnrichment
Vulnrichment
added 2026/04/23 8:0 p.m.3 views

CVE-2026-41264 Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSVAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. An attacker can...

9.2CVSS5.8AI score0.01028EPSS
Exploits3References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 8:0 p.m.7 views

CVE-2026-41264

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSVAgents class. The issue results from the lack of proper sandboxing when evaluating an LLM generated python script. An attacker can...

9.8CVSS6AI score0.01028EPSS
Exploits3References3Affected Software1
CVE
CVE
added 2026/04/23 8:0 p.m.29 views

CVE-2026-41264

Flowise CVE-2026-41264 affects the Flowise CSV Agent node. The flaw is in the run method of the CSV_Agents class, where an LLM-generated Python script is evaluated without proper sandboxing, enabling prompt-injection to cause execution of attacker-controlled commands on the Flowise server. This a...

9.8CVSS6AI score0.01028EPSS
Exploits3References1Affected Software1
OSV
OSV
added 2026/04/21 8:19 p.m.10 views

GHSA-3HJV-C53M-58JJ Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability

Abstract Trend Micro's Zero Day Initiative has identified a vulnerability affecting FlowiseAI Flowise. Vulnerability Details - Version tested: 3.0.13 - Installer file: https://github.com/FlowiseAI/Flowise - Platform tested: Ubuntu 25.10 Analysis This vulnerability allows remote attackers to execu...

9.8CVSS6.2AI score0.01028EPSS
Exploits3References3
OSV
OSV
added 2026/04/18 12:46 a.m.5 views

GHSA-V38X-C887-992F Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability

ZDI-CAN-29412: FlowiseAI Flowise AirtableAgent Code Injection Remote Code Execution Vulnerability Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products: Flowise - Flowise -- VULNERABILITY DETAILS ------------------------ Version tested: 3.0.13 Installer...

9.8CVSS7.8AI score0.00464EPSS
Exploits1References3
Rows per page
Query Builder