{"data":{"id":"58bd513d-fa76-4a5d-bbb0-c948e6a1cf14","title":"GHSA-9wc7-mj3f-74xv: Flowise: Code Injection in CSVAgent leads to Authenticated RCE","summary":"Flowise's CSVAgent has a code injection vulnerability where user-provided custom Pandas CSV read code is inserted directly into executable Python code without sanitization, allowing an authenticated attacker to execute arbitrary commands on the server (RCE, or remote code execution). An attacker can create a malicious chat flow and trigger it via API requests to run commands like `os.system()` through the `pyodide` Python runtime.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-9wc7-mj3f-74xv","publishedAt":"2026-04-16T21:44:15.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":[],"issueType":"vulnerability","affectedPackages":["flowise-components@<= 3.0.13 (fixed: 3.1.0)","flowise@<= 3.0.13 (fixed: 3.1.0)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise","OpenAI","Pandas"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-04-16T21:44:15.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}