Flowise disclosed and fixed a cluster of high-severity vulnerabilities in versions prior to 3.1.0, including multiple paths to remote code execution. The most serious issues affect the platform's CSV and Airtable agent components, where unsanitized user input or LLM-generated Python code could be evaluated without proper sandboxing. Advisories for CVE-2026-41137, CVE-2026-41264, CVE-2026-41138, and CVE-2026-41265 describe authenticated and unauthenticated attack paths that let attackers inject malicious payloads through chatflows or agent inputs and execute code on the Flowise server, with potential impact to confidentiality, integrity, and availability.
Flowise 3.1.0 also addresses non-RCE flaws that could expose multi-tenant environments and consume third-party service credits. CVE-2026-41279 affects the unauthenticated text-to-speech endpoint at POST /api/v1/text-to-speech/generate, which could accept an arbitrary credentialId and use decrypted stored credentials such as OpenAI or ElevenLabs API keys to generate speech, enabling API credit abuse. In Flowise Cloud, CVE-2026-41267 allows improper mass assignment during account registration, letting unauthenticated attackers inject server-managed fields and manipulate organization associations, ownership metadata, timestamps, and role mappings across tenants. Organizations running Flowise or Flowise Cloud should upgrade to 3.1.0 and review exposed chatflows, stored credentials, and tenant registration controls.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
On April 23, 2026, CVE records were received or updated to add descriptions, CVSS vectors, CWE mappings, and GitHub advisory references. The content explicitly notes update activity for CVE-2026-41137 and CVE-2026-41265 on that date.
Several vulnerabilities affecting Flowise and Flowise Cloud were publicly disclosed, including CVE-2026-41137, CVE-2026-41138, CVE-2026-41264, CVE-2026-41265, CVE-2026-41267, and CVE-2026-41279. The disclosures documented authenticated and unauthenticated RCE paths, tenant-association manipulation, and API credit abuse via stored credentials.
A critical Flowise vulnerability, CVE-2026-41273, was publicly disclosed affecting versions prior to 3.1.0. The flaw allowed unauthenticated attackers to access public chatflow configuration endpoints, extract OAuth credential identifiers, and obtain valid OAuth 2.0 access tokens for unauthorized access to connected third-party services.
Flowise fixed several security flaws in version 3.1.0, including CSVAgent and Airtable agent remote code execution issues, an unauthenticated text-to-speech credential abuse flaw, and a Flowise Cloud account registration mass-assignment issue. All referenced advisories describe affected versions as prior to 3.1.0.
Trend Micro's Zero Day Initiative reported CVE-2026-41265, an unauthenticated remote code execution flaw in Flowise's Airtable_Agent component, to the vendor through coordinated disclosure. The issue allowed arbitrary Python code execution via improper validation in the run method and was credited to Dre Cura and Nicholas Zubrisky.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
9 references tracked. Mallory keeps watching after this page renders.
sentinelone.com
Open sourcecvefeed.io
Open sourcecvefeed.io
Open sourcecvefeed.io
Open sourcecvefeed.io
Open sourcecvefeed.io
Open sourcecvefeed.io
Open sourcecvefeed.io
Open sourcezerodayinitiative.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.