Cyber Posture

CVE-2026-41274

Critical · Public PoC · Updated

Published: 23 April 2026
Modified: 04 May 2026
KEV Added: not listed
Patch: available (fixed in 3.1.0)
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0016 (36.0th percentile)
Risk Priority: 20 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-41274 is a critical-severity Improper Neutralization of Special Elements in Data Query Logic (CWE-943) vulnerability in Flowiseai Flowise. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 36.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

This vulnerability is AI-related — categorised as Other AI Platforms; in the Privacy and Disclosure risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent)
Directly mandates validation of user-provided input before it is forwarded to the Cypher query execution pipeline, preventing injection of arbitrary Cypher statements.

SI-2 Flaw Remediation (prevent)
Requires timely identification, reporting, and correction of flaws such as this Cypher injection vulnerability by upgrading to Flowise 3.1.0 or later.

Least privilege on the database account (prevent)
Limits the impact of injected Cypher statements by enforcing least privilege on the underlying Neo4j database user account.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Direct unauthenticated remote Cypher injection into a public-facing Flowise web application node matches T1190 Exploit Public-Facing Application; it enables arbitrary database query execution, leading to data exfiltration, modification or deletion.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enabling data exfiltration, modification, or deletion. This vulnerability is fixed in 3.1.0.

Deeper analysis

CVE-2026-41274 is a Cypher injection vulnerability (CWE-943) in Flowise, an open-source drag-and-drop user interface for building customized large language model (LLM) flows. In versions prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline of the underlying Neo4j database without proper sanitization. This flaw, published on 2026-04-23 and assigned a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), enables attackers to inject and execute arbitrary Cypher commands.

The vulnerability can be exploited by any unauthenticated remote attacker who can provide malicious input to the GraphCypherQAChain node. Successful exploitation grants full control over the Neo4j database, allowing data exfiltration, modification, or deletion depending on the injected commands and database permissions.

The official Flowise security advisory (GHSA-28g4-38q8-3cwc) states that the vulnerability is fixed in version 3.1.0 through proper input sanitization in the GraphCypherQAChain node. Practitioners should upgrade to Flowise 3.1.0 or later and review Neo4j database access controls as an interim measure.
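The two conditions described above (untrusted text spliced into a Cypher statement, and a database account able to modify data) and the two controls this page recommends against them (input validation and least privilege), shown as an added JavaScript example. This is not Flowise's own code and not the fix shipped in 3.1.0; it assumes a hypothetical `session.run(text, params)` stub in place of the Neo4j driver session, and the `Person` label, `name` property and the input string are constructed for the example.

```javascript
// Added example (not Flowise project code). The driver call is a stub so the
// file runs offline; neo4j-driver's session.run(text, params) is the real API
// that accepts a parameter map alongside the statement text.

// Clauses a read-only question-answering node should never issue. CALL is
// included because procedures can write; allowlist read-only ones if needed.
const WRITE_CLAUSES = /\b(CREATE|MERGE|DELETE|DETACH|SET|REMOVE|DROP|FOREACH|LOAD\s+CSV|CALL)\b/i;

// Vulnerable pattern: untrusted text is spliced into the statement string.
// Any quote in the value changes the structure of the statement.
function buildUnsafeCypher(userInput) {
  return `MATCH (p:Person {name: '${userInput}'}) RETURN p.name AS name`;
}

// Hardened pattern: the statement is a fixed template and the user value
// travels in the parameter map. The database treats $name as data only.
function buildSafeCypher(userInput) {
  return {
    text: 'MATCH (p:Person {name: $name}) RETURN p.name AS name',
    params: { name: String(userInput) },
  };
}

// Independent second layer: refuse any statement carrying a write clause.
// String literals are blanked first so a legitimate value such as
// 'Set Theory' is not mistaken for a SET clause. This is coarse by design
// and complements, rather than replaces, a read-only Neo4j user.
function isReadOnlyCypher(text) {
  const withoutLiterals = text.replace(/'(?:[^'\\]|\\.)*'|"(?:[^"\\]|\\.)*"/g, '""');
  return !WRITE_CLAUSES.test(withoutLiterals);
}

// Cheap structural check: an odd number of unescaped single quotes means the
// statement no longer parses the way the template intended.
function hasBalancedQuotes(text) {
  const quotes = (text.match(/(?<!\\)'/g) || []).length;
  return quotes % 2 === 0;
}

// Guarded execution: the guard runs on the final statement text, whatever
// produced it, before anything reaches the database.
function runReadOnly(session, statement) {
  if (!isReadOnlyCypher(statement.text)) {
    throw new Error('refusing to run Cypher containing a write clause');
  }
  return session.run(statement.text, statement.params);
}

// Stub standing in for a neo4j-driver session (hypothetical).
const fakeSession = { run: (text, params) => ({ text, params }) };

// Constructed input: an ordinary name that happens to contain a quote.
const userInput = "O'Brien";
console.log(buildUnsafeCypher(userInput));                      // literal is broken
console.log(hasBalancedQuotes(buildUnsafeCypher(userInput)));   // false
console.log(runReadOnly(fakeSession, buildSafeCypher(userInput))); // value stays in params
```

The parameter map is the actual fix for the injection class; the write-clause guard and a Neo4j account without write grants are the containment layers the page's least-privilege control describes, and they remain useful even after upgrading, because they bound the damage of any future node that builds statements the same way.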

Details

CWE(s): CWE-943 Improper Neutralization of Special Elements in Data Query Logic

Affected Products: flowiseai flowise ≤ 3.1.0

AI Security Analysis

AI Category: Other AI Platforms
Risk Domain: Privacy and Disclosure
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: Matched keywords: large language model

CVEs Like This One

CVE-2026-41272 (same product: Flowiseai Flowise)
CVE-2026-41277 (same product: Flowiseai Flowise)
CVE-2026-41265 (same product: Flowiseai Flowise)
CVE-2025-34267 (same product: Flowiseai Flowise)
CVE-2026-41278 (same product: Flowiseai Flowise)
CVE-2026-41264 (same product: Flowiseai Flowise)
CVE-2026-41270 (same product: Flowiseai Flowise)
CVE-2026-30824 (same product: Flowiseai Flowise)
CVE-2026-41273 (same product: Flowiseai Flowise)
CVE-2026-41276 (same product: Flowiseai Flowise)

References