Rapid7’s 2026 Global Cybersecurity Summit is now available on-demand.Watch sessions.
Rapid7

module

Flowise CSV Agent Prompt Injection RCE

Disclosed
Apr 22, 2026
Created
Jul 1, 2026

Description

This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise.
Authentication is not required to exploit this vulnerability.

The specific flaw exists within the run method of the CSV_Agents class.
The issue results from the lack of proper sandboxing when evaluating an LLM generated python script.
An attacker can leverage this vulnerability to execute code in the context of the user running the server.

Authors

zdi-disclosures
Takahiro Yokoyama

Platform

Linux,Unix,Windows

Architectures

cmd

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


msf > use exploit/multi/http/flowise_auth_rce_cve_2026_41264
msf exploit(flowise_auth_rce_cve_2026_41264) > show targets
...targets...
msf exploit(flowise_auth_rce_cve_2026_41264) > set TARGET < target-id >
msf exploit(flowise_auth_rce_cve_2026_41264) > show options
...show and set options...
msf exploit(flowise_auth_rce_cve_2026_41264) > exploit

Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.