PT-2026-34236 · Flowise · Flowise

Published 2026-04-21 · Updated 2026-04-27 · CVE-2026-41264

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 3.1.0

Description: A flaw exists in the run method of the CSV Agents class due to improper sandboxing of Python scripts generated by a Large Language Model (LLM). An unauthenticated attacker can use prompt injection to make the LLM generate a malicious Python script. Because the input validation in the validatePythonCodeForDataFrame() function can be bypassed, the script is executed, allowing arbitrary commands to run on the server in the context of the user running the service.

Recommendations: Update to version 3.1.0. As a temporary workaround, restrict access to the CSV Agent node to minimize the risk of exploitation.
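The weakness this advisory tags, an incomplete list of disallowed inputs, is usually addressed by replacing a denylist with a structural allowlist: parse the generated script and reject anything not explicitly permitted, so a new spelling of a dangerous construct needs no new rule. The following is an added illustration written for this page, not Flowise's validatePythonCodeForDataFrame() or any code from the project; the allowed name and node sets are constructed assumptions for a hypothetical DataFrame-analysis sandbox and it assumes Python 3.9 or later.

```python
import ast

# Constructed allowlist of names the generated script may reference.
# Anything else (exec, eval, open, __import__, ...) is rejected by omission.
ALLOWED_NAMES = {"df", "pd", "len", "sum", "min", "max", "round", "result"}

# Constructed allowlist of AST node types. Import, ImportFrom, Lambda,
# comprehensions, f-strings, function/class definitions and the like are
# not listed, so they are rejected without naming each one.
ALLOWED_NODES = (
    ast.Module, ast.Expr, ast.Assign, ast.Name, ast.Load, ast.Store,
    ast.Attribute, ast.Subscript, ast.Call, ast.Constant, ast.keyword,
    ast.BinOp, ast.Compare, ast.BoolOp, ast.UnaryOp, ast.IfExp,
    ast.List, ast.Tuple, ast.Dict, ast.Slice,
    ast.Add, ast.Sub, ast.Mult, ast.Div, ast.USub, ast.Not,
    ast.Eq, ast.NotEq, ast.Lt, ast.LtE, ast.Gt, ast.GtE, ast.And, ast.Or,
)


def validate_dataframe_code(source: str) -> tuple[bool, str]:
    """Return (ok, reason) for an LLM-generated DataFrame script.

    Structural allowlist: every node, every name and every attribute
    must be explicitly permitted. This is one gate of a defence in depth;
    code that passes should still run in an isolated, unprivileged process.
    """
    try:
        tree = ast.parse(source, mode="exec")
    except SyntaxError as exc:
        return False, f"syntax error: {exc.msg}"
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            return False, f"disallowed construct: {type(node).__name__}"
        if isinstance(node, ast.Name) and node.id not in ALLOWED_NAMES:
            return False, f"disallowed name: {node.id}"
        # Dunder and private attributes give access to the object model
        # (__class__, __subclasses__, __globals__ ...), so block them all.
        if isinstance(node, ast.Attribute) and node.attr.startswith("_"):
            return False, f"disallowed attribute: {node.attr}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate analysis, then rejects.
    for snippet in ['result = df["amount"].sum()', "import os",
                    '__import__("os")', "df.__class__"]:
        print(repr(snippet), "->", validate_dataframe_code(snippet))
```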

Exploit · Fix · RCE · Incomplete List of Disallowed Inputs

Weakness Enumeration

Related Identifiers

CVE-2026-41264
GHSA-3HJV-C53M-58JJ

Affected Products

Flowise