<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Fri, 03 Jul 2026 14:57:17 +0000</lastBuildDate>
    <item>
      <!-- Sighting of type "seen" for CVE-2026-41264; the source is a Metasploit
           exploit module file in rapid7/metasploit-framework, i.e. a public
           exploit module exists for this CVE.
           The same JSON record is carried twice, in description and in
           content:encoded. Its "content" field is itself a JSON document
           serialized as a string, so a consumer has to decode JSON twice and
           should treat every decoded value as untrusted text (escape before
           rendering, never evaluate).
           Fields of the embedded module metadata that matter for triage:
           "post_auth": false together with the description text says that no
           authentication is required; "rport": 3000 is the module's default
           target port; "SideEffects": ["ioc-in-logs"] means use of the module
           leaves traces in logs, which gives defenders something to hunt for;
           "references" links the CVE to GHSA-3hjv-c53m-58jj.
           The line break between "creation_timestamp": and its value is plain
           JSON whitespace and does not affect parsing. -->
      <title>da99882a-a9da-4ecf-8a20-6b8d051e6180</title>
      <link>https://vulnerability.circl.lu/sighting/da99882a-a9da-4ecf-8a20-6b8d051e6180/export</link>
      <description>{"uuid": "da99882a-a9da-4ecf-8a20-6b8d051e6180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb", "content": "{\"aliases\": [], \"arch\": \"cmd\", \"author\": [\"zdi-disclosures\", \"Takahiro Yokoyama\"], \"autofilter_ports\": [80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443], \"autofilter_services\": [\"http\", \"https\"], \"check\": true, \"default_credential\": false, \"description\": \"This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise.\\n          Authentication is not required to exploit this vulnerability.\\n\\n          The specific flaw exists within the run method of the CSV_Agents class.\\n          The issue results from the lack of proper sandboxing when evaluating an LLM generated python script.\\n          An attacker can leverage this vulnerability to execute code in the context of the user running the server.\", \"disclosure_date\": \"2026-04-22\", \"fullname\": \"exploit/multi/http/flowise_auth_rce_cve_2026_41264\", \"is_install_path\": true, \"mod_time\": \"2026-06-06 12:25:07 +0000\", \"name\": \"Flowise CSV Agent Prompt Injection RCE\", \"needs_cleanup\": null, \"notes\": {\"Reliability\": [\"repeatable-session\"], \"SideEffects\": [\"ioc-in-logs\"], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb\", \"platform\": \"Linux,Unix,Windows\", \"post_auth\": false, \"rank\": 600, \"ref_name\": \"multi/http/flowise_auth_rce_cve_2026_41264\", \"references\": [\"CVE-2026-41264\", \"GHSA-3hjv-c53m-58jj\"], \"rport\": 3000, \"session_types\": false, \"targets\": [\"Linux Command\", \"Windows Command\"], \"type\": \"exploit\"}", "creation_timestamp": 
"2026-07-03T08:40:03.367903Z"}</description>
      <content:encoded>{"uuid": "da99882a-a9da-4ecf-8a20-6b8d051e6180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "seen", "source": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb", "content": "{\"aliases\": [], \"arch\": \"cmd\", \"author\": [\"zdi-disclosures\", \"Takahiro Yokoyama\"], \"autofilter_ports\": [80, 8080, 443, 8000, 8888, 8880, 8008, 3000, 8443], \"autofilter_services\": [\"http\", \"https\"], \"check\": true, \"default_credential\": false, \"description\": \"This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise.\\n          Authentication is not required to exploit this vulnerability.\\n\\n          The specific flaw exists within the run method of the CSV_Agents class.\\n          The issue results from the lack of proper sandboxing when evaluating an LLM generated python script.\\n          An attacker can leverage this vulnerability to execute code in the context of the user running the server.\", \"disclosure_date\": \"2026-04-22\", \"fullname\": \"exploit/multi/http/flowise_auth_rce_cve_2026_41264\", \"is_install_path\": true, \"mod_time\": \"2026-06-06 12:25:07 +0000\", \"name\": \"Flowise CSV Agent Prompt Injection RCE\", \"needs_cleanup\": null, \"notes\": {\"Reliability\": [\"repeatable-session\"], \"SideEffects\": [\"ioc-in-logs\"], \"Stability\": [\"crash-safe\"]}, \"path\": \"/modules/exploits/multi/http/flowise_auth_rce_cve_2026_41264.rb\", \"platform\": \"Linux,Unix,Windows\", \"post_auth\": false, \"rank\": 600, \"ref_name\": \"multi/http/flowise_auth_rce_cve_2026_41264\", \"references\": [\"CVE-2026-41264\", \"GHSA-3hjv-c53m-58jj\"], \"rport\": 3000, \"session_types\": false, \"targets\": [\"Linux Command\", \"Windows Command\"], \"type\": \"exploit\"}", "creation_timestamp": 
"2026-07-03T08:40:03.367903Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/da99882a-a9da-4ecf-8a20-6b8d051e6180/export</guid>
      <pubDate>Fri, 03 Jul 2026 08:40:03 +0000</pubDate>
    </item>
    <item>
      <!-- Sighting of type "seen" for CVE-2026-41264; the source is a Bluesky
           post URL. "content" is an empty string, so the record carries only
           the pointer to the post and the timestamp, not the post text.
           description and content:encoded hold the same JSON text, and
           pubDate repeats "creation_timestamp" at second precision. -->
      <title>bc41f443-01aa-45b1-8773-940888ab8111</title>
      <link>https://vulnerability.circl.lu/sighting/bc41f443-01aa-45b1-8773-940888ab8111/export</link>
      <description>{"uuid": "bc41f443-01aa-45b1-8773-940888ab8111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mke2376l4i2t", "content": "", "creation_timestamp": "2026-04-25T22:00:28.721224Z"}</description>
      <content:encoded>{"uuid": "bc41f443-01aa-45b1-8773-940888ab8111", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mke2376l4i2t", "content": "", "creation_timestamp": "2026-04-25T22:00:28.721224Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/bc41f443-01aa-45b1-8773-940888ab8111/export</guid>
      <pubDate>Sat, 25 Apr 2026 22:00:28 +0000</pubDate>
    </item>
    <item>
      <!-- Sighting of type "published-proof-of-concept" for CVE-2026-41264.
           Here "source" is not a URL but a string of the form
           "Telegram/<opaque id>", so a consumer must not assume the field is
           always dereferenceable or pass it unchecked to a URL fetcher.
           "content" is empty; description and content:encoded hold the same
           JSON text. -->
      <title>a05bbbbc-13d7-46a2-9147-eda52663e4d7</title>
      <link>https://vulnerability.circl.lu/sighting/a05bbbbc-13d7-46a2-9147-eda52663e4d7/export</link>
      <description>{"uuid": "a05bbbbc-13d7-46a2-9147-eda52663e4d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "published-proof-of-concept", "source": "Telegram/LhBAsLXZuywUMfmIXbSwPnWzjb6RJaoGfmWe6gs8QchtB8o", "content": "", "creation_timestamp": "2026-04-23T21:26:14.000000Z"}</description>
      <content:encoded>{"uuid": "a05bbbbc-13d7-46a2-9147-eda52663e4d7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41264", "type": "published-proof-of-concept", "source": "Telegram/LhBAsLXZuywUMfmIXbSwPnWzjb6RJaoGfmWe6gs8QchtB8o", "content": "", "creation_timestamp": "2026-04-23T21:26:14.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/a05bbbbc-13d7-46a2-9147-eda52663e4d7/export</guid>
      <pubDate>Thu, 23 Apr 2026 21:26:14 +0000</pubDate>
    </item>
    <item>
      <!-- Sighting of type "published-proof-of-concept" for CVE-2026-41264;
           the source is the FlowiseAI/Flowise GitHub security advisory
           GHSA-3hjv-c53m-58jj. The "author" UUID differs from the one on the
           other sightings in this feed, so sightings come from more than one
           submitter.
           NOTE(review): the 2026-04-15 timestamp is earlier than the
           "disclosure_date" of 2026-04-22 quoted in the Metasploit metadata of
           the first item; presumably "creation_timestamp" reflects when the
           source was published rather than when it was ingested (confirm
           before using it for timeline work).
           "content" is empty; description and content:encoded hold the same
           JSON text. -->
      <title>42f78dcd-7075-4bdc-9461-f6770d237ff3</title>
      <link>https://vulnerability.circl.lu/sighting/42f78dcd-7075-4bdc-9461-f6770d237ff3/export</link>
      <description>{"uuid": "42f78dcd-7075-4bdc-9461-f6770d237ff3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41264", "type": "published-proof-of-concept", "source": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3hjv-c53m-58jj", "content": "", "creation_timestamp": "2026-04-15T21:44:36.000000Z"}</description>
      <content:encoded>{"uuid": "42f78dcd-7075-4bdc-9461-f6770d237ff3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41264", "type": "published-proof-of-concept", "source": "https://github.com/FlowiseAI/Flowise/security/advisories/GHSA-3hjv-c53m-58jj", "content": "", "creation_timestamp": "2026-04-15T21:44:36.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/42f78dcd-7075-4bdc-9461-f6770d237ff3/export</guid>
      <pubDate>Wed, 15 Apr 2026 21:44:36 +0000</pubDate>
    </item>
  </channel>
</rss>
