Flowise CSVAgent Command Injection Vulnerability Leading to Remote Code Execution

Vulnerability

A command injection vulnerability allowing remote code execution has been identified in Flowise versions through 3.0.13. The issue arises in the CSVAgent component, which permits users to supply custom Pandas CSV reading code. Due to inadequate input sanitization, an attacker can inject a payload that is executed on the server. This vulnerability is addressed in Flowise version 3.1.0.

Impact

Exploitation of this vulnerability allows authenticated users to execute arbitrary code on the server where Flowise is running, potentially leading to a complete compromise of the server.

Reproduction

To reproduce this vulnerability, an authenticated user creates a new chat flow and adds a CSVAgent node. The node's 'customReadCSV' input is then populated with a payload containing an injected operating-system command. Once the chat flow is executed, the server runs the injected command, demonstrating the vulnerability.

Remediation

Users can upgrade to Flowise version 3.1.0 or later to address this vulnerability.
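The following audit helper is an added example, not Flowise's own code: it applies the version boundary from this advisory (through 3.0.13 affected, 3.1.0 fixed) and flags CSVAgent nodes in a chatflow export whose 'customReadCSV' input is populated, so an operator can review custom reader code before upgrading. It assumes an export layout of a top-level "nodes" list whose entries carry data.name ("csvAgent") and data.inputs; those names and the sample export are assumptions, not taken from the advisory.

```python
import json
import re

# Boundaries from the advisory: releases through 3.0.13 are affected, 3.1.0 fixes it.
FIXED_VERSION = (3, 1, 0)

# Assumed export layout (not stated by the advisory): a top-level "nodes" list,
# each node with data.name ("csvAgent" for the CSVAgent) and a data.inputs dict
# holding the "customReadCSV" value.
CSV_AGENT_NODE = "csvAgent"
CUSTOM_READER_INPUT = "customReadCSV"

def parse_version(v):
    """Turn '3.0.13' or 'v3.0.13' into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {v!r}")
    return tuple(int(x) for x in m.groups())

def is_affected(version):
    """True when the running Flowise is older than the fixed release."""
    return parse_version(version) < FIXED_VERSION

def find_custom_csv_readers(chatflow_json):
    """List (node_id, code) for every CSVAgent node whose customReadCSV input is
    populated; on affected versions that code runs unsanitised, so each hit
    deserves a manual review."""
    hits = []
    for node in json.loads(chatflow_json).get("nodes", []):
        data = node.get("data") or {}
        if data.get("name") != CSV_AGENT_NODE:
            continue  # not a CSVAgent node
        code = ((data.get("inputs") or {}).get(CUSTOM_READER_INPUT) or "").strip()
        if code:
            hits.append((node.get("id", "?"), code))
    return hits

# Constructed sample export: one CSVAgent with the default (empty) reader, one
# with a benign custom reader, and an unrelated node that must be ignored.
SAMPLE_EXPORT = json.dumps({"nodes": [
    {"id": "csvAgent_0", "data": {"name": "csvAgent", "inputs": {"customReadCSV": ""}}},
    {"id": "csvAgent_1", "data": {"name": "csvAgent",
                                  "inputs": {"customReadCSV": "pd.read_csv(path, sep=';')"}}},
    {"id": "chatOpenAI_0", "data": {"name": "chatOpenAI", "inputs": {}}},
], "edges": []})
```

Run `find_custom_csv_readers` over each exported chatflow and `is_affected` against the deployed version; any hit on an affected version is a node to review or remove until the upgrade to 3.1.0 is done.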

Added: Apr 23, 2026, 8:57 PM
Updated: Apr 23, 2026, 8:57 PM

Vulnerability Rating

Custom Algorithm

  spread           0.3
  impact          10.0
  exploitability   6.2
  remediation      7.7
  relevance        6.5
  threat           6.4
  urgency          2.9
  incentive        0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.