GHSA-3hjv-c53m-58jj: Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability
Summary
Flowise version 3.0.13 has a vulnerability in its CSV Agent node that allows attackers to run arbitrary code on the server without needing to log in. The flaw occurs because the CSV Agent's `run` method does not properly sandbox (isolate) Python code generated by an LLM, and the validation checks meant to block dangerous commands can be bypassed. As a result, attackers can execute system commands through the LLM-generated script.
Vulnerability Details
EPSS: 0.0%
Yes
April 21, 2026
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-3hjv-c53m-58jj
First tracked: April 21, 2026 at 08:00 PM