CVE-2026-41274
Published: 23 April 2026
Summary
CVE-2026-41274 is a critical-severity Improper Neutralization of Special Elements in Data Query Logic (CWE-943) vulnerability in Flowiseai Flowise. Its CVSS base score is 9.3 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked at the 39.4th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related: it is categorised under LLM Application Platforms and falls in the Data-Related Vulnerabilities risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-41274 is a Cypher injection vulnerability (CWE-943) in Flowise, an open-source drag-and-drop user interface for building customized large language model (LLM) flows. In versions prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline of the underlying Neo4j database without proper sanitization. This flaw, published on 2026-04-23 and assigned a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), enables attackers to inject and execute arbitrary Cypher commands.
The vulnerability can be exploited by any unauthenticated remote attacker who can provide malicious input to the GraphCypherQAChain node. Successful exploitation grants full control over the Neo4j database, allowing data exfiltration, modification, or deletion depending on the injected commands and database permissions.
The official Flowise security advisory (GHSA-28g4-38q8-3cwc) states that the vulnerability is fixed in version 3.1.0 through proper input sanitization in the GraphCypherQAChain node. Practitioners should upgrade to Flowise 3.1.0 or later and, as an interim measure, review Neo4j database access controls.
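The vulnerable pattern beside its hardened form, as an added example that is not Flowise's code or the advisory's fix: query text built by string concatenation (the flaw described above), the same query with the user term bound as a Cypher parameter, and a coarse pre-execution guard that rejects write clauses. The Document label, the title property and the query shape are assumptions.

```typescript
// Illustration of the injection shape described in the advisory and two defensive
// layers. Not Flowise's code: the Document label, title property and query text
// are assumptions for this example.

interface CypherStatement {
  text: string;
  params: Record<string, unknown>;
}

// Vulnerable shape: the user term is spliced into the query text, so a quote
// character in the input ends the literal and the rest is parsed as Cypher.
function buildUnsafeQuery(userTerm: string): CypherStatement {
  return {
    text: `MATCH (d:Document) WHERE d.title CONTAINS '${userTerm}' RETURN d.title`,
    params: {},
  };
}

// Hardened shape: the term is bound as the parameter $term, which Neo4j treats
// as a value and never as query syntax, whatever it contains.
function buildSafeQuery(userTerm: string): CypherStatement {
  return {
    text: 'MATCH (d:Document) WHERE d.title CONTAINS $term RETURN d.title',
    params: { term: userTerm },
  };
}

// Single left-to-right pass that blanks comments and string literals, so a
// write keyword appearing inside data (e.g. a title) is not mistaken for a clause.
function stripLiteralsAndComments(cypher: string): string {
  const token = /\/\*[\s\S]*?\*\/|\/\/[^\n]*|'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"/g;
  return cypher.replace(token, ' ');
}

// Coarse second layer for text-to-Cypher pipelines: refuse a statement that
// contains a write clause before it reaches the driver. This is a heuristic;
// running the chain under a read-only Neo4j role is the authoritative control.
const WRITE_CLAUSES = /\b(CREATE|MERGE|DELETE|DETACH|SET|REMOVE|DROP|LOAD\s+CSV|FOREACH)\b/i;

function isReadOnlyCypher(cypher: string): boolean {
  return !WRITE_CLAUSES.test(stripLiteralsAndComments(cypher));
}
```

The guard deliberately does not cover CALL, since it cannot tell a read-only procedure from a mutating one; the least-privilege Neo4j role listed under Mitigating Controls is what actually bounds the damage.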
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-25313
Vulnerability details
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enabling data exfiltration, modification, or deletion. This vulnerability is fixed in 3.1.0.
- CWE(s): CWE-943 Improper Neutralization of Special Elements in Data Query Logic
AI Security Analysis
- AI Category: LLM Application Platforms
- Risk Domain: Data-Related Vulnerabilities
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: flowise, large language model
Related Threats
MITRE ATT&CK Enterprise Techniques
- T1190 Exploit Public-Facing Application
Why these techniques?
Direct, unauthenticated remote Cypher injection into a node of a public-facing Flowise web application matches T1190 Exploit Public-Facing Application; it enables arbitrary database query execution leading to data exfiltration, modification or deletion.
Affected Assets
- Flowiseai Flowise, versions prior to 3.1.0
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): Directly mandates input validation to sanitize user-provided input before forwarding it to the Cypher query execution pipeline, preventing arbitrary command injection.
- SI-2 (Flaw Remediation): Requires timely identification, reporting, and correction of flaws like this Cypher injection vulnerability by upgrading to Flowise 3.1.0 or later.
- Least-privilege database access: Limits the impact of injected Cypher commands by enforcing least privilege on the underlying Neo4j database user account.