GHSA-9wc7-mj3f-74xv: Flowise: Code Injection in CSVAgent leads to Authenticated RCE
Summary
Flowise's CSVAgent has a code injection vulnerability: the user-provided custom Pandas CSV read code is inserted directly into the generated Python script without sanitization, so an authenticated attacker can execute arbitrary commands on the server (remote code execution, RCE). An attacker can create a malicious chat flow and trigger it via API requests to run commands such as `os.system()` through the `pyodide` Python runtime.
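The root cause described above is a string-assembly pattern: configuration text that is meant to be a `pd.read_csv(...)` call is spliced verbatim into a script that the sandbox then executes. The following is an added example, not Flowise's code, contrasting that pattern with a hardened variant that parses the snippet with Python's `ast` module and accepts only a single `pd.read_csv` call on an injected `file_path` variable with allowlisted, literal-valued keyword arguments. The function names, the `file_path` variable and the `ALLOWED_KWARGS` set are assumptions for illustration.

```python
"""Added example (not Flowise code): validate a user-supplied pandas read_csv
snippet before it is spliced into generated Python.

The names below (build_script_unsafe, build_script_safe, ALLOWED_KWARGS,
file_path) are illustrative assumptions, not identifiers from the advisory.
"""
import ast

# Keyword arguments a flow author may legitimately tune (assumed allowlist).
ALLOWED_KWARGS = {
    "sep", "delimiter", "header", "encoding", "skiprows", "nrows",
    "usecols", "names", "dtype", "index_col", "na_values",
}


def build_script_unsafe(custom_read_code: str) -> str:
    """The vulnerable pattern: configuration text becomes executable code verbatim."""
    return (
        "import pandas as pd\n"
        f"df = {custom_read_code}\n"
        "print(df.head().to_string())\n"
    )


def _is_literal(node: ast.AST) -> bool:
    """True if the node is built only from constants, lists, tuples, sets, dicts."""
    try:
        ast.literal_eval(node)
        return True
    except (ValueError, TypeError, SyntaxError, MemoryError, RecursionError):
        return False


def validate_read_csv_snippet(snippet: str) -> tuple[bool, str]:
    """Return (ok, reason). Accept exactly one expression of the form
    pd.read_csv(file_path, key=<literal>, ...); reject everything else."""
    try:
        tree = ast.parse(snippet, mode="eval")  # eval mode: a single expression only
    except SyntaxError as exc:
        return False, f"syntax error: {exc.msg}"
    call = tree.body
    if not isinstance(call, ast.Call):
        return False, "snippet must be a single call expression"
    func = call.func
    if not (isinstance(func, ast.Attribute) and func.attr == "read_csv"
            and isinstance(func.value, ast.Name) and func.value.id == "pd"):
        return False, "only pd.read_csv(...) is permitted"
    if len(call.args) != 1:
        return False, "exactly one positional argument (the path) is required"
    path_arg = call.args[0]
    if not (isinstance(path_arg, ast.Name) and path_arg.id == "file_path"):
        return False, "path must be the injected variable 'file_path'"
    for kw in call.keywords:
        if kw.arg is None:
            return False, "**kwargs expansion is not permitted"
        if kw.arg not in ALLOWED_KWARGS:
            return False, f"keyword {kw.arg!r} is not in the allowlist"
        if not _is_literal(kw.value):
            return False, f"value for {kw.arg!r} must be a literal"
    return True, "ok"


def build_script_safe(custom_read_code: str, file_path: str) -> str:
    """Hardened variant: validate, then re-render the parsed tree so that only
    the accepted call reaches the generated script."""
    ok, reason = validate_read_csv_snippet(custom_read_code)
    if not ok:
        raise ValueError(f"rejected custom CSV read code: {reason}")
    expr = ast.unparse(ast.parse(custom_read_code, mode="eval"))
    return (
        "import pandas as pd\n"
        f"file_path = {file_path!r}\n"   # repr() quotes the path as a string literal
        f"df = {expr}\n"
        "print(df.head().to_string())\n"
    )


if __name__ == "__main__":
    # Constructed sample: a benign custom read snippet from a flow configuration.
    print(build_script_safe('pd.read_csv(file_path, sep=";", header=0)', "data.csv"))
```

The check runs wherever the script text is assembled, before anything is handed to the runtime; relying on the sandbox alone is what the advisory shows to be insufficient, since the injected code runs with whatever the runtime can reach. Because `ast.unparse` re-renders the validated tree, stray comments or formatting in the original snippet never reach the generated script.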
Classification
Affected Vendors
Affected Packages
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-9wc7-mj3f-74xv
First tracked: April 17, 2026 at 02:00 AM
Classified by LLM (prompt v3) · confidence: 95%