GHSA-V38X-C887-992F: Remote Code Execution in Flowise Airtable Agent

Vulnerability ID: GHSA-V38X-C887-992F
CVSS Score: 9.8
Published: 2026-04-18

Flowise versions up to and including 3.0.13 are vulnerable to a critical remote code execution (RCE) flaw in the Airtable Agent component. The vulnerability arises from improper validation of dynamic Python code executed via the Pandas library, allowing an unauthenticated attacker to execute arbitrary operating system commands.

TL;DR

A critical RCE vulnerability in Flowise's Airtable Agent (<= 3.0.13) permits unauthenticated attackers to execute arbitrary system commands via Python code injection. Organizations must upgrade to version 3.1.0 immediately.

⚠️ Exploit Status: POC

Technical Details

CWE ID: CWE-94, CWE-77
Attack Vector: Network
CVSS v3.1: 9.8
Exploit Status: Proof of Concept (PoC) available
Authentication: None Required
Impact: Remote Code Execution (RCE)

Affected Systems

Flowise host operating system
Node.js application environment running Flowise
Python interpreter utilized by the Airtable Agent
flowise: <= 3.0.13 (Fixed in: 3.1.0)
flowise-components: <= 3.0.13 (Fixed in: 3.1.0)

Mitigation Strategies

Upgrade to patched software version
Implement network authentication via reverse proxy
Apply least privilege principles to the Flowise execution environment
Restrict outbound network traffic from the application server

Remediation Steps:

Identify all deployed instances of Flowise within the infrastructure.
Check the installed version. If the version is 3.0.13 or earlier, proceed to patch.
Update the flowise package via npm: npm install -g flowise@3.1.0 (or higher).
If utilizing Docker, pull the latest image: docker pull flowiseai/flowise:latest and recreate the container.
Ensure API endpoints are protected by authentication layers.
Monitor application logs for unusual Python execution errors or anomalous system commands.