RCE in Flowiseai Flowise

CVE-2026-41265

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the Airtable_Agents class. The issue results from the lack of proper sandboxing when…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.003 (56.2th percentile) — read the EPSS interpretation.

Affected products

Flowiseai Flowise — versions < 3.1.0

Weakness classification (CWE)

CWE-77 — Command Injection

References

https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-v38x-c887-992f (x_refsource_CONFIRM)