<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <!-- Feed-level Atom metadata: feed identifier, time of last update, publisher contact,
       link to the human-readable site (rel="alternate") and the library that generated
       the feed (python-feedgen 1.0.0).
       The xml-stylesheet processing instruction above names a site-relative XSL for
       display; automated consumers should ignore it rather than fetch and apply it.
       NOTE(review): every entry's <updated> lies within milliseconds of this feed's
       <updated>, so it appears to reflect feed generation time; use <published> (which
       matches the JSON creation_timestamp) for when a sighting was recorded. -->
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-04T02:29:00.834525+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the 10 most recent sightings.</subtitle>
  <!-- Sighting for CVE-2026-41264, type "seen". The source is an exploit module in the
       Metasploit Framework repository, so exploit code for this CVE is publicly available.
       For defenders, the embedded module metadata lists rport 3000 and "ioc-in-logs" under
       SideEffects, i.e. the module itself reports that its use leaves indicators in logs.
       NOTE(review): the module file name contains "auth_rce" while its description says
       authentication is not required and post_auth is false; confirm against advisory
       GHSA-3hjv-c53m-58jj before scoping exposure. -->
  <entry>
    <id>https://vulnerability.circl.lu/sighting/da99882a-a9da-4ecf-8a20-6b8d051e6180/export</id>
    <title>da99882a-a9da-4ecf-8a20-6b8d051e6180</title>
    <updated>2026-07-04T02:29:00.858926+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <!-- <content> has no type attribute, so Atom treats it as plain text. The payload is
         JSON whose inner "content" field is itself a JSON document serialized as a string:
         decode it twice and handle both layers as untrusted data, never as markup.
         The value of "creation_timestamp" continues on the following line. -->
    <content>{"uuid": "da99882a-a9da-4ecf-8a20-6b8d051e6180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb", "content": "{\"aliases\": [], \"arch\": \"cmd\", \"author\": [\"zdi-disclosures\", \"Takahiro Yokoyama\"], \"autofilter_ports\": [80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443], \"autofilter_services\": [\"http\", \"https\"], \"check\": true, \"default_credential\": false, \"description\": \"This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise.\\n          Authentication is not required to exploit this vulnerability.\\n\\n          The specific flaw exists within the run method of the CSV_Agents class.\\n          The issue results from the lack of proper sandboxing when evaluating an LLM generated python script.\\n          An attacker can leverage this vulnerability to execute code in the context of the user running the server.\", \"disclosure_date\": \"2026-04-22\", \"fullname\": \"exploit/multi/http/flowise_auth_rce_cve_2026_41264\", \"is_install_path\": true, \"mod_time\": \"2026-06-06 12:25:07 +0000\", \"name\": \"Flowise CSV Agent Prompt Injection RCE\", \"needs_cleanup\": null, \"notes\": {\"Reliability\": [\"repeatable-session\"], \"SideEffects\": [\"ioc-in-logs\"], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb\", \"platform\": \"Linux,Unix,Windows\", \"post_auth\": false, \"rank\": 600, \"ref_name\": \"multi/http/flowise_auth_rce_cve_2026_41264\", \"references\": [\"CVE-2026-41264\", \"GHSA-3hjv-c53m-58jj\"], \"rport\": 3000, \"session_types\": false, \"targets\": [\"Linux Command\", \"Windows Command\"], \"type\": \"exploit\"}", "creation_timestamp": 
"2026-07-03T08:40:03.367903Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/da99882a-a9da-4ecf-8a20-6b8d051e6180/export"/>
    <published>2026-07-03T08:40:03.367903+00:00</published>
  </entry>
  <!-- Sighting for CVE-2026-41264, type "seen". The source is a Bluesky post and the JSON
       "content" field is empty, so this entry records only that the CVE was mentioned
       there. <published> matches the JSON creation_timestamp (2026-04-25). -->
  <entry>
    <id>https://vulnerability.circl.lu/sighting/bc41f443-01aa-45b1-8773-940888ab8111/export</id>
    <title>bc41f443-01aa-45b1-8773-940888ab8111</title>
    <updated>2026-07-04T02:29:00.862411+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <!-- No type attribute on <content>: the JSON below is plain text to an Atom consumer
         and should be parsed as data, not rendered. -->
    <content>{"uuid": "bc41f443-01aa-45b1-8773-940888ab8111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mke2376l4i2t", "content": "", "creation_timestamp": "2026-04-25T22:00:28.721224Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/bc41f443-01aa-45b1-8773-940888ab8111/export"/>
    <published>2026-04-25T22:00:28.721224+00:00</published>
  </entry>
  <!-- Sighting for CVE-2026-41264, type "published-proof-of-concept". The source is a
       "Telegram/" reference followed by an opaque identifier rather than a URL, and the
       JSON "content" field is empty, so the claimed proof of concept cannot be checked
       from this feed alone.
       NOTE(review): treat the type as an unverified signal until the source is confirmed. -->
  <entry>
    <id>https://vulnerability.circl.lu/sighting/a05bbbbc-13d7-46a2-9147-eda52663e4d7/export</id>
    <title>a05bbbbc-13d7-46a2-9147-eda52663e4d7</title>
    <updated>2026-07-04T02:29:00.862631+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <!-- No type attribute on <content>: the JSON below is plain text to an Atom consumer
         and should be parsed as data, not rendered. -->
    <content>{"uuid": "a05bbbbc-13d7-46a2-9147-eda52663e4d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "published-proof-of-concept", "source": "Telegram/LhBAsLXZuywUMfmIXbSwPnWzjb6RJaoGfmWe6gs8QchtB8o", "content": "", "creation_timestamp": "2026-04-23T21:26:14.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/a05bbbbc-13d7-46a2-9147-eda52663e4d7/export"/>
    <published>2026-04-23T21:26:14+00:00</published>
  </entry>
  <!-- Sighting for CVE-2026-41264, type "published-proof-of-concept", submitted by a named
       user rather than the automation account seen on the other entries. The source is
       the FlowiseAI/Flowise GitHub security advisory GHSA-3hjv-c53m-58jj. Its
       creation_timestamp (2026-04-15) is earlier than the disclosure_date (2026-04-22)
       given in the Metasploit module metadata carried elsewhere in this feed.
       NOTE(review): whether the advisory itself contains a proof of concept, and which
       versions it lists as fixed, is not shown here; verify against the advisory. -->
  <entry>
    <id>https://vulnerability.circl.lu/sighting/42f78dcd-7075-4bdc-9461-f6770d237ff3/export</id>
    <title>42f78dcd-7075-4bdc-9461-f6770d237ff3</title>
    <updated>2026-07-04T02:29:00.862791+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <!-- No type attribute on <content>: the JSON below is plain text to an Atom consumer
         and should be parsed as data, not rendered. -->
    <content>{"uuid": "42f78dcd-7075-4bdc-9461-f6770d237ff3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41264", "type": "published-proof-of-concept", "source": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3hjv-c53m-58jj", "content": "", "creation_timestamp": "2026-04-15T21:44:36.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/42f78dcd-7075-4bdc-9461-f6770d237ff3/export"/>
    <published>2026-04-15T21:44:36+00:00</published>
  </entry>
</feed>
