{"data":{"id":"68e23887-4c48-4a58-acfb-59322d06e9c2","title":"GHSA-3hjv-c53m-58jj: Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability","summary":"Flowise version 3.0.13 has a vulnerability in its CSV Agent node that allows attackers to run arbitrary code on the server without needing to log in. The flaw occurs because the CSV Agent's `run` method doesn't properly sandbox (isolate) Python code generated by an LLM, and the validation checks that try to block dangerous commands can be bypassed, letting attackers execute system commands through the LLM-generated script.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-3hjv-c53m-58jj","publishedAt":"2026-04-21T20:19:52.000Z","cveId":"CVE-2026-41264","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":["flowise-components@<= 3.0.13 (fixed: 3.1.0)","flowise@<= 3.0.13 (fixed: 3.1.0)"],"affectedVendors":["LangChain"],"affectedVendorsRaw":["FlowiseAI","Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-04-21T20:19:52.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0051"]}}