GHSA-f228-chmx-v6j6: Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas`.
Summary
Flowise's AirtableAgent has a remote code execution (RCE, where an attacker can run commands on a system they don't own) vulnerability because user input is inserted directly into Python code without sanitization. An attacker can use prompt injection (tricking an AI by hiding instructions in its input) to bypass the intended behavior and execute arbitrary code when the system processes Pandas (a Python library for working with data) operations.
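The pattern the summary describes, as an added illustration that is not Flowise's code: the templates, function names and sample inputs are constructed assumptions. It contrasts pasting raw text into generated Python source with emitting it as an escaped literal, and uses a parse-only structural check (nothing is executed) to flag input that changed the shape of the code.

```python
import ast

# Hypothetical stand-ins for source an agent assembles before running it (not Flowise's code).
UNSAFE_TEMPLATE = 'import pandas as pd\nquestion = "{q}"\nresult = len(question)\n'
SAFE_TEMPLATE = 'import pandas as pd\nquestion = {q}\nresult = len(question)\n'


def build_by_interpolation(question: str) -> str:
    """Pattern from the summary: raw user text pasted into Python source."""
    return UNSAFE_TEMPLATE.format(q=question)


def build_with_literal(question: str) -> str:
    """User text emitted as an escaped string literal, so it stays data."""
    return SAFE_TEMPLATE.format(q=repr(question))


def skeleton(source: str):
    """AST dump with every string constant blanked; None if the source does not parse."""
    try:
        tree = ast.parse(source)
    except SyntaxError:
        return None
    for node in ast.walk(tree):
        if isinstance(node, ast.Constant) and isinstance(node.value, str):
            node.value = ""
    return ast.dump(tree)


BASELINE = skeleton(build_with_literal(""))


def template_intact(source: str) -> bool:
    """True only when the source has the template's structure and nothing else."""
    return skeleton(source) == BASELINE


# Constructed sample inputs.
BENIGN = "How many rows have status open?"
QUOTED = 'Count rows where name is "Ann"'        # legitimate text that contains quotes
BREAKOUT = 'x"\nprint("extra statement")\ny = "'  # harmless stand-in for injected code

if __name__ == "__main__":
    for text in (BENIGN, QUOTED, BREAKOUT):
        print(template_intact(build_by_interpolation(text)),
              template_intact(build_with_literal(text)))
```

Escaping only covers text placed into the template; code that a model writes in response to injected instructions still needs a sandbox or an allowlist before it runs.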
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://github.com/advisories/GHSA-f228-chmx-v6j6
First tracked: April 17, 2026 at 02:00 AM
Classified by LLM (prompt v3) · confidence: 95%