{"data":{"id":"d9688a7f-f181-43d3-a9d8-4aa865d516bf","title":"CVE-2026-41265: Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific fl","summary":"Flowise is a tool with a visual interface for building customized AI workflows. Before version 3.1.0, the Airtable_Agents component had a security flaw where it ran Python code generated by an AI without proper sandboxing (isolation to prevent unauthorized access). An attacker could use prompt injection (tricking the AI by hiding instructions in user input) to make the AI generate malicious code that runs on the Flowise server.","solution":"Update to version 3.1.0 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-41265","publishedAt":"2026-04-23T20:16:14.890Z","cveId":"CVE-2026-41265","cweIds":["CWE-77"],"cvssScore":null,"cvssSeverity":null,"severity":"critical","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Flowise"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-23T20:16:14.890Z","capecIds":["CAPEC-88"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":["AML.T0051"]}}