CVE-2026-41138
Published: 23 April 2026
Description
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, there is a remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using Pandas. The user’s input is directly applied to the question parameter within the prompt template and it is reflected to the Python code without any sanitization. This vulnerability is fixed in 3.1.0.
Mitigating Controls (NIST 800-53 r5) (AI)
Directly addresses the lack of input verification by requiring validation mechanisms at input points to block malicious code injection into the prompt template executed via Pandas.
Mandates timely identification, reporting, and correction of flaws like this RCE vulnerability fixed in Flowise version 3.1.0.
Limits the potential impact of successful RCE by enforcing least privilege on processes handling user inputs in Flowise.
Security Summary (AI)
CVE-2026-41138 is a remote code execution vulnerability in Flowise, an open-source drag-and-drop user interface for building customized large language model (LLM) flows. The issue affects versions prior to 3.1.0 and resides in the AirtableAgent.ts component, where a lack of input verification allows malicious user input supplied to the "question" parameter in a prompt template to be directly reflected into executed Python code via Pandas without sanitization. This CWE-94 (code injection) flaw carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for arbitrary code execution.
An attacker with low-privilege access (PR:L), such as an authenticated user, can exploit this over the network with low complexity and no user interaction required. By crafting malicious input that injects Python code through the unsanitized prompt parameter, the attacker achieves remote code execution on the server, potentially compromising confidentiality, integrity, and availability with high impact—enabling full system takeover, data exfiltration, or further lateral movement.
The vulnerability is addressed in Flowise version 3.1.0, as detailed in the official security advisory at https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-f228-chmx-v6j6. Security practitioners should prioritize upgrading to 3.1.0 or later and review access controls for AirtableAgent usage.
Flowise's role in LLM orchestration makes this vulnerability particularly relevant for AI/ML deployments, where untrusted inputs could propagate through agentic workflows. No public evidence of real-world exploitation has been reported as of the CVE publication on 2026-04-23.
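To illustrate the input-verification control discussed above, the following added example (not Flowise's code and not its 3.1.0 fix) vets a Python snippet bound for a Pandas interpreter against an AST allowlist before anything is executed. The function name `vet_pandas_snippet`, the allowlists, the assumption that the snippet only reads a DataFrame named `df`, and the sample snippets are all constructed for this example.

```python
import ast

# Assumption: a legitimate snippet only reads from a DataFrame bound to `df`.
ALLOWED_NAMES = {"df", "len", "round"}
# Assumption: the read-only DataFrame/Series members this deployment needs.
ALLOWED_ATTRS = {"shape", "columns", "head", "tail", "loc", "iloc", "sum", "mean",
                 "min", "max", "count", "nunique", "value_counts", "sort_values",
                 "groupby", "isna", "describe"}
# Expression-only grammar: no imports, assignments, lambdas, comprehensions
# or f-strings. Node types missing from this tuple are rejected (fail closed).
ALLOWED_NODES = (
    ast.Module, ast.Expr, ast.Load, ast.Name, ast.Attribute, ast.Call,
    ast.Constant, ast.Subscript, ast.Slice, ast.Compare, ast.BoolOp,
    ast.BinOp, ast.UnaryOp, ast.List, ast.Tuple, ast.keyword,
    ast.operator, ast.cmpop, ast.boolop, ast.unaryop,
)

def vet_pandas_snippet(source):
    """Return a list of violations; an empty list means the snippet passed."""
    try:
        tree = ast.parse(source, mode="exec")
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg}"]
    problems = []
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            problems.append(f"node {type(node).__name__} not allowed")
        elif isinstance(node, ast.Name) and node.id not in ALLOWED_NAMES:
            problems.append(f"name {node.id!r} not allowed")
        elif isinstance(node, ast.Attribute) and node.attr not in ALLOWED_ATTRS:
            # Also blocks dunder traversal and string-evaluating methods
            # such as DataFrame.eval / DataFrame.query.
            problems.append(f"attribute {node.attr!r} not allowed")
    return problems

if __name__ == "__main__":
    # Constructed sample snippets, as an interpreter stage might receive them.
    samples = [
        'df[df["Status"] == "Open"]["Amount"].sum()',  # plain aggregation
        "import os",                                   # statement outside the grammar
        "df.eval('a+b')",                              # string-evaluating method
        "df.__class__",                                # dunder attribute access
    ]
    for snippet in samples:
        verdict = vet_pandas_snippet(snippet)
        print("PASS" if not verdict else "REJECT", repr(snippet), verdict)
```

An allowlist like this narrows what reaches the interpreter; it complements, rather than replaces, upgrading to 3.1.0 and running the interpreter with least privilege.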
AI Security Analysis (AI)
- AI Category: Data Processing Libraries
- Risk Domain: N/A
- OWASP Top 10 for LLMs 2025: None mapped
- MITRE ATLAS Techniques: None mapped
- Classification Reason: Matched keywords: large language model
MITRE ATT&CK Enterprise Techniques (AI)
Why these techniques?
CVE enables RCE via template injection (T1221) in prompt template reflected to Python code (T1059.006) in public-facing web app (T1190).