CVE-2026-41138: Flowise: Remote code execution vulnerability in AirtableAgent.ts caused by lack of input verification when using `Pandas`.

April 16, 2026 (updated April 24, 2026)

“AirtableAgent” is an agent function provided by FlowiseAI that retrieves search results by accessing private datasets from airtable.com. “AirtableAgent” uses Python, along with Pyodide and Pandas, to get and return results.

The user’s input is directly applied to the question parameter within the prompt template and it is reflected to the Python code without any sanitization.

The point is that an attacker can bypass the intended behavior of the LLM and trigger Remote Code Execution through a simple prompt injection.

References

github.com/FlowiseAI/Flowise
github.com/FlowiseAI/Flowise/security/advisories/GHSA-f228-chmx-v6j6
github.com/advisories/GHSA-f228-chmx-v6j6
nvd.nist.gov/vuln/detail/CVE-2026-41138

Code Behaviors & Features

Detect and mitigate CVE-2026-41138 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →