CVE-2026-41265: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in FlowiseAI Flowise
CVE-2026-41265 is a critical command injection vulnerability in FlowiseAI's Flowise product versions prior to 3. 1. 0. The flaw exists in the run method of the Airtable_Agents class, where an LLM-generated Python script is evaluated without proper sandboxing. An unauthenticated attacker can exploit this by sending crafted prompts to the Airtable Agent node, causing execution of malicious commands on the server. This vulnerability is fixed in version 3. 1. 0. The CVSS 4. 0 score is 9.
AI Analysis
Technical Summary
Flowise versions before 3.1.0 contain a command injection vulnerability (CWE-77) in the Airtable_Agents class's run method. The vulnerability arises from insufficient sandboxing when evaluating Python scripts generated by a large language model (LLM). Attackers can leverage prompt injection techniques to induce the LLM to produce malicious Python code, which is then executed on the Flowise server. This allows unauthenticated remote attackers to execute arbitrary commands. The issue is resolved in Flowise 3.1.0.
Potential Impact
Successful exploitation allows unauthenticated remote attackers to execute arbitrary commands on the Flowise server, potentially leading to full system compromise. The vulnerability affects all versions prior to 3.1.0. There are no reported exploits in the wild at this time.
Mitigation Recommendations
Upgrade Flowise to version 3.1.0 or later, where this vulnerability is fixed. Since this is a self-hosted product, users must apply the update themselves. Patch status is confirmed by the vendor stating the issue is fixed in 3.1.0. No additional mitigations are documented.
CVE-2026-41265: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') in FlowiseAI Flowise
Description
CVE-2026-41265 is a critical command injection vulnerability in FlowiseAI's Flowise product versions prior to 3. 1. 0. The flaw exists in the run method of the Airtable_Agents class, where an LLM-generated Python script is evaluated without proper sandboxing. An unauthenticated attacker can exploit this by sending crafted prompts to the Airtable Agent node, causing execution of malicious commands on the server. This vulnerability is fixed in version 3. 1. 0. The CVSS 4. 0 score is 9.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Flowise versions before 3.1.0 contain a command injection vulnerability (CWE-77) in the Airtable_Agents class's run method. The vulnerability arises from insufficient sandboxing when evaluating Python scripts generated by a large language model (LLM). Attackers can leverage prompt injection techniques to induce the LLM to produce malicious Python code, which is then executed on the Flowise server. This allows unauthenticated remote attackers to execute arbitrary commands. The issue is resolved in Flowise 3.1.0.
Potential Impact
Successful exploitation allows unauthenticated remote attackers to execute arbitrary commands on the Flowise server, potentially leading to full system compromise. The vulnerability affects all versions prior to 3.1.0. There are no reported exploits in the wild at this time.
Mitigation Recommendations
Upgrade Flowise to version 3.1.0 or later, where this vulnerability is fixed. Since this is a self-hosted product, users must apply the update themselves. Patch status is confirmed by the vendor stating the issue is fixed in 3.1.0. No additional mitigations are documented.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-18T14:01:46.801Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69ea89bd87115cfb685d0b1c
Added to database: 4/23/2026, 9:06:05 PM
Last enriched: 4/23/2026, 9:21:07 PM
Last updated: 4/23/2026, 10:13:28 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.