ID:12794 - Exploit for Code Injection in Flowise - CVE-2026-41264
Published: July 1, 2026
Flowise
Link to public exploit:
Vulnerability description
The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper sandboxing in the run method of the CSV_Agents class when evaluating an LLM-generated python script from user-supplied prompts. A remote attacker can send a specially crafted prompt to cause execution of attacker-controlled code.
Exploitation requires a chatflow that uses the CSV Agent node, and successful prompt injection may depend on the model used.