Vulnerability in Flowiseai Flowise

CVE-2026-41264

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the CSV_Agents class. The issue results from the lack of proper sandboxing when eval…

EPSS: 0.002 (44.0th percentile) — read the EPSS interpretation.

Affected products

Flowiseai Flowise — versions < 3.1.0

Weakness classification (CWE)

CWE-184 — Incomplete List of Disallowed Inputs

References

https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3hjv-c53m-58jj (x_refsource_CONFIRM)