DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-V38X-C887-992F: Remote Code Execution in Flowise Airtable Agent

Vulnerability ID: GHSA-V38X-C887-992F
CVSS Score: 9.8
Published: 2026-04-18

Flowise versions up to and including 3.0.13 are vulnerable to a critical remote code execution (RCE) flaw in the Airtable Agent component. The vulnerability arises from improper validation of dynamic Python code executed via the Pandas library, allowing an unauthenticated attacker to execute arbitrary operating system commands.

TL;DR

A critical RCE vulnerability in Flowise's Airtable Agent (<= 3.0.13) permits unauthenticated attackers to execute arbitrary system commands via Python code injection. Organizations must upgrade to version 3.1.0 immediately.


โš ๏ธ Exploit Status: POC

Technical Details

  • CWE ID: CWE-94, CWE-77
  • Attack Vector: Network
  • CVSS v3.1: 9.8
  • Exploit Status: Proof of Concept (PoC) available
  • Authentication: None Required
  • Impact: Remote Code Execution (RCE)

Affected Systems

  • Flowise host operating system
  • Node.js application environment running Flowise
  • Python interpreter utilized by the Airtable Agent
  • flowise: <= 3.0.13 (Fixed in: 3.1.0)
  • flowise-components: <= 3.0.13 (Fixed in: 3.1.0)

Mitigation Strategies

  • Upgrade to patched software version
  • Implement network authentication via reverse proxy
  • Apply least privilege principles to the Flowise execution environment
  • Restrict outbound network traffic from the application server

Remediation Steps:

  1. Identify all deployed instances of Flowise within the infrastructure.
  2. Check the installed version. If the version is 3.0.13 or earlier, proceed to patch.
  3. Update the flowise package via npm: npm install -g flowise@3.1.0 (or higher).
  4. If utilizing Docker, pull the latest image: docker pull flowiseai/flowise:latest and recreate the container.
  5. Ensure API endpoints are protected by authentication layers.
  6. Monitor application logs for unusual Python execution errors or anomalous system commands.
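An added example, not code from the advisory or the Flowise project: a Python check for steps 2 and 3 that pulls the installed versions of the two affected packages out of `npm ls -g --json` output and compares them numerically against 3.0.13 (a plain string comparison would wrongly rank 3.0.9 above 3.0.13). The sample JSON is constructed for offline use; on a real host the script runs npm itself.

```python
import json
import re
import subprocess

# Constructed sample of `npm ls -g flowise --json` output (illustrative only).
SAMPLE_NPM_LS = json.dumps({"dependencies": {"flowise": {"version": "3.0.13"}}})

LAST_VULNERABLE = (3, 0, 13)   # advisory: <= 3.0.13 affected
FIXED = "3.1.0"                # advisory: fixed in 3.1.0
AFFECTED_PACKAGES = ("flowise", "flowise-components")


def parse_version(v: str) -> tuple:
    """Turn '3.0.13', 'v3.0.13' or '3.0.13-rc1' into a comparable (3, 0, 13) tuple."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", v.strip())
    if not m:
        raise ValueError(f"unrecognized version string: {v!r}")
    return tuple(int(x) for x in m.groups())


def is_affected(version: str) -> bool:
    """True when the installed build is within the vulnerable range (<= 3.0.13)."""
    return parse_version(version) <= LAST_VULNERABLE


def installed_versions(npm_ls_json: str) -> dict:
    """Extract versions of the affected packages from `npm ls -g --json` output."""
    deps = json.loads(npm_ls_json).get("dependencies", {})
    return {name: info["version"] for name, info in deps.items() if name in AFFECTED_PACKAGES}


def assess(npm_ls_json: str) -> dict:
    """Map each installed affected package to a remediation verdict."""
    return {name: (f"AFFECTED - upgrade to {FIXED}" if is_affected(ver) else "fixed")
            for name, ver in installed_versions(npm_ls_json).items()}


if __name__ == "__main__":
    # Live inventory of the global npm install; fall back to the constructed sample if npm is absent.
    try:
        out = subprocess.run(["npm", "ls", "-g", *AFFECTED_PACKAGES, "--json"],
                             capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        out = SAMPLE_NPM_LS
    print(assess(out or SAMPLE_NPM_LS))
```

Docker deployments need the same check against the image's bundled package version rather than a global npm install.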

