External risk intelligence

Flowise allows attackers to steal or change sensitive data

CVE advisory

Severity: CRITICAL (CVSS 9.3)

CVE-2026-41274

Flowise versions before 3.1.0 contain a critical Cypher injection flaw that lets attackers read or alter data stored in the connected Neo4j database by injecting query clauses of their own. Update immediately to protect your sensitive information.

Halo Surface Signal score: 4

Affected product: Flowiseai Flowise

Affected versions: before 3.1.0

External exposure likelihood

Halo Surface Signal score for CVE-2026-41274

Flowise is a web-based interface for building LLM flows, and the vulnerable code path is reached through that interface. Because Flowise is normally deployed as a web service so that users can interact with their flows, it is commonly internet-facing in practice.

Horizon Alert

Summary of the vulnerability and why it matters

Flowise versions before 3.1.0 embed user-supplied input into Cypher queries without neutralizing it in the GraphCypherQAChain node, which queries a connected Neo4j database. An attacker who can reach such a flow can inject Cypher clauses of their own, and Neo4j executes them with the privileges of the account Flowise connects with. The result is unauthorized reading and manipulation of the data stored in that graph.

  • Data can be stolen or altered.
  • No authentication is required, so anyone who can reach the instance can attempt it.
  • Requires a flow that uses the affected GraphCypherQAChain node.

Attack Path

How an attacker could exploit the issue

An attacker sends crafted input to a Flowise instance older than version 3.1.0. The input is embedded directly into a Cypher query that Flowise executes against the underlying Neo4j database, so the attacker can append clauses of their own and read, modify, or delete data; what they can actually do is bounded by the privileges of the Neo4j account Flowise connects with.

  • No authentication required.
  • Target is user input to the GraphCypherQAChain node.
  • Exploitation requires a reachable Flowise instance before 3.1.0 with a flow that uses this node.
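The injection described above, as an added example in TypeScript (the language Flowise is written in). This is not Flowise code and not a known payload: it builds the same Cypher statement two ways, once with the input spliced into the query text and once with the input passed as a parameter, and adds a read-only guard as a backstop. The `Person` label, the `name` property and the `CRAFTED_INPUT` value are assumptions made for illustration; no database is needed because the effect is visible in the statement text itself.

```typescript
// Added example, not code from Flowise. It shows the bug class the advisory
// describes (user input spliced into the text of a Cypher query) next to the
// parameterized form, without a database: the functions only build the
// statement, so the effect of a crafted input is visible in the text.
// The label, property name and CRAFTED_INPUT are assumptions for illustration,
// not the affected Flowise code or a known payload.

interface CypherStatement {
  text: string;
  params: Record<string, unknown>;
}

// Vulnerable shape: the input becomes part of the statement, so quote and
// brace characters in it are parsed as Cypher syntax.
function buildCypherUnsafe(question: string): string {
  return `MATCH (p:Person {name: '${question}'}) RETURN p.email`;
}

// Hardened shape: the statement text is a constant and the input is passed as
// the $name parameter (the form neo4j-driver's session.run(text, params) takes).
function buildCypherSafe(question: string): CypherStatement {
  return {
    text: "MATCH (p:Person {name: $name}) RETURN p.email",
    params: { name: question },
  };
}

// Defence in depth for a question-answering node: refuse to run any statement
// that contains a write clause, whether it was assembled from input or
// generated by a model. Keyword matching is a backstop, not a parser, so it
// complements (never replaces) parameterization and a read-only DB account.
const WRITE_CLAUSE = /\b(CREATE|MERGE|SET|DELETE|DETACH|REMOVE|DROP)\b/i;

function isReadOnlyCypher(text: string): boolean {
  return !WRITE_CLAUSE.test(text);
}

// Constructed input: closes the string literal and the node pattern, appends
// a write clause, and comments out the rest of the original statement.
const CRAFTED_INPUT = "x'}) DETACH DELETE p //";

// Returns the two statements side by side for a given input.
function compare(question: string): { unsafe: string; safe: CypherStatement } {
  return { unsafe: buildCypherUnsafe(question), safe: buildCypherSafe(question) };
}

const result = compare(CRAFTED_INPUT);
console.log("unsafe :", result.unsafe);                         // structure changed by the input
console.log("safe   :", result.safe.text, result.safe.params);  // structure unchanged
console.log("unsafe read-only?", isReadOnlyCypher(result.unsafe));    // false
console.log("safe   read-only?", isReadOnlyCypher(result.safe.text)); // true
```

Run with `npx tsx cypher-injection.ts` (file name assumed). The unsafe statement becomes `MATCH (p:Person {name: 'x'}) DETACH DELETE p //'}) RETURN p.email`, a valid write statement, while the parameterized text never changes no matter what the input contains.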

Live Threat

Current exploitation, exposure, and threat context

Unauthenticated attackers can inject Cypher into the queries that the GraphCypherQAChain node runs against Neo4j in Flowise versions before 3.1.0. Successful exploitation lets stored data be exfiltrated, modified, or deleted, a direct hit on confidentiality and integrity, and the fact that it yields database access without any credentials makes it an attractive target.

  • No known exploitation in the wild.
  • Public exploit code is not yet available.
  • Vulnerability affects a web-facing application.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Patch every Flowise instance to version 3.1.0 or later as the first priority; earlier versions are vulnerable to Cypher injection through the GraphCypherQAChain node. Where patching cannot happen immediately, take the affected instances off the network or restrict them to trusted clients so that untrusted users cannot reach the vulnerable flow. Independently of the patch, give the Neo4j account that Flowise uses only the privileges the flow needs (read-only for a question-answering chain); that limits what an injected clause can do if one reaches the database.

  • Update Flowise to version 3.1.0 or newer.
  • Block network access to vulnerable instances until they are patched.
  • Run Flowise against a least-privilege (read-only where possible) Neo4j account.
  • Enable Neo4j query logging and review statements issued by the Flowise account for write clauses or unexpected shapes.
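An added example of the monitoring step above, written in TypeScript and not taken from Flowise or Neo4j: it scans Neo4j query.log lines for statements issued by the account Flowise connects with and flags write clauses, inline string literals and comment markers. It assumes that query logging is enabled in neo4j.conf, that Flowise uses a dedicated Neo4j user named `flowise` that is only meant to read, and that each log line ends with Neo4j's `<db> - <user> - <query> - <params> - runtime=<rt> - <meta>` tail. The sample lines are constructed for the example, not captured from a real deployment.

```typescript
// Added example: a scan of Neo4j query-log lines for signs of Cypher injection
// arriving through the account Flowise uses. Not Flowise's or Neo4j's code.
// Assumptions: query logging is on (db.logs.query.enabled=INFO in neo4j.conf),
// Flowise connects as a dedicated read-only user "flowise", and each line ends
// with the "<db> - <user> - <query> - <params> - runtime=<rt> - <meta>" tail
// of Neo4j's query.log. SAMPLE_LOG below is constructed, not real data.

const FLOWISE_USER = "flowise";

// The QA chain should only read, so any write clause from its account is an alert.
const WRITE_CLAUSE = /\b(CREATE|MERGE|SET|DELETE|DETACH|REMOVE|DROP)\b/i;
// A parameterized statement carries values as $params; inline string literals
// or comment markers in the query text suggest input was spliced into it.
const INLINE_LITERAL = /'[^']*'|"[^"]*"/;
const COMMENT_MARKER = /\/\/|\/\*/;

interface QueryLogEntry {
  timestamp: string;
  database: string;
  user: string;
  query: string;
  params: string;
}

interface Alert {
  timestamp: string;
  user: string;
  query: string;
  reasons: string[];
}

// Parse one query.log line; returns null for lines that carry no query
// (start-up messages, warnings from other loggers, and so on).
function parseQueryLogLine(line: string): QueryLogEntry | null {
  const m = line.match(
    /^(\S+ \S+) INFO\s+\d+ ms: .*> - (\S+) - (\S+) - (.*) - (\{.*\}) - runtime=\S+ - \{.*\}$/
  );
  if (!m) return null;
  return { timestamp: m[1], database: m[2], user: m[3], query: m[4], params: m[5] };
}

// Reasons a statement from the Flowise account deserves a look.
function classifyQuery(entry: QueryLogEntry): string[] {
  const reasons: string[] = [];
  if (WRITE_CLAUSE.test(entry.query)) reasons.push("write clause from read-only account");
  if (INLINE_LITERAL.test(entry.query)) reasons.push("inline string literal (expected $param)");
  if (COMMENT_MARKER.test(entry.query)) reasons.push("comment marker in query text");
  return reasons;
}

// Scan a batch of log lines and return alerts for the Flowise account only;
// writes by administrators from other accounts are expected and stay quiet.
function scanQueryLog(lines: string[]): Alert[] {
  const alerts: Alert[] = [];
  for (const line of lines) {
    const entry = parseQueryLogLine(line);
    if (!entry || entry.user !== FLOWISE_USER) continue;
    const reasons = classifyQuery(entry);
    if (reasons.length > 0) {
      alerts.push({ timestamp: entry.timestamp, user: entry.user, query: entry.query, reasons });
    }
  }
  return alerts;
}

// Constructed connection segment shared by the sample lines.
const CONN = "bolt-session bolt neo4j-javascript/5.15.0 client/10.0.0.5:51234 server/10.0.0.9:7687>";

// Constructed sample: a benign parameterized read, an admin index build, an
// injected statement from the Flowise account, and an unrelated warning line.
const SAMPLE_LOG: string[] = [
  `2026-03-01 10:15:02.114+0000 INFO  12 ms: (planning: 1, waiting: 0) - 0 B - ${CONN} - neo4j - flowise - MATCH (p:Person {name: $name}) RETURN p.email - {name: 'Alice'} - runtime=pipelined - {}`,
  `2026-03-01 10:15:09.301+0000 INFO  4 ms: (planning: 0, waiting: 0) - 0 B - ${CONN} - neo4j - admin - CREATE INDEX person_name IF NOT EXISTS FOR (p:Person) ON (p.name) - {} - runtime=pipelined - {}`,
  `2026-03-01 10:16:41.877+0000 INFO  31 ms: (planning: 2, waiting: 0) - 0 B - ${CONN} - neo4j - flowise - MATCH (p:Person {name: 'x'}) DETACH DELETE p //'}) RETURN p.email - {} - runtime=pipelined - {}`,
  `2026-03-01 10:17:00.002+0000 WARN  Skipped 1 old transaction log`,
];

for (const alert of scanQueryLog(SAMPLE_LOG)) {
  console.log(`${alert.timestamp} user=${alert.user} ${alert.reasons.join("; ")}`);
  console.log(`  ${alert.query}`);
}
```

Only the third line produces an alert: it carries a write clause, an inline literal and a comment marker from the `flowise` account, while the administrator's index build is ignored because it comes from a different user. Point `SAMPLE_LOG` at the real file (split on newlines) to run it over a live log.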

Frequently asked questions

What is Flowise and what does it do?

Flowise is a user interface that allows for the drag-and-drop construction of custom large language model (LLM) flows. It facilitates the visual development of AI applications by enabling users to connect various components for processing and interacting with LLMs.

What type of weakness does CVE-2026-41274 represent in Flowise?

CVE-2026-41274 is an injection vulnerability classified as CWE-943, Improper Neutralization of Special Elements in Data Query Logic. It arises because user-supplied input is embedded in Cypher queries without being neutralized, so characters in the input are parsed as query syntax and can introduce clauses the application never intended to run against the database.

How can attackers exploit the vulnerability in Flowise?

Attackers send specially crafted input to a Flowise instance older than version 3.1.0. The input is incorporated directly into a Cypher query that runs against the underlying Neo4j database, so the attacker can read, modify, or delete data there, subject to the privileges of the account Flowise connects with.

What is the relevance of CVE-2026-41274 to a web-facing application?

The vulnerability allows unauthenticated attackers to inject malicious Cypher commands directly into a Neo4j database via Flowise's GraphCypherQAChain node. This offers attackers direct database access without authentication, posing a significant risk to data integrity and confidentiality. Halo Surface Signal indicates a 'Likely' exposure due to Flowise typically being a web-accessible service.

What is the recommended action to address the Flowise vulnerability?

The primary recommendation is to update all Flowise instances to version 3.1.0 or a later release as soon as possible. If immediate patching is not possible, isolating the affected services from the network is advised to prevent exploitation and potential data compromise.
