CVE-2026-41274 | FlowiseAI Flowise/flowise-components up to 3.0.x GraphCypherQAChain data query logic injection (GHSA-28g4-38q8-3cwc)

A vulnerability categorized as critical has been discovered in FlowiseAI Flowise and flowise-components up to 3.0.x. The impacted element is an unknown function of the component GraphCypherQAChain. Such manipulation leads to improper neutralization of special elements in data query logic.

This vulnerability is traded as CVE-2026-41274. The attack may be launched remotely. There is no exploit available.

It is advisable to upgrade the affected component.VulDB Recent EntriesRead More