CVE-2026-2095

Critical CVSS: 9.3

Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.

Vendor

Flowring

Product

Agentflow

CWE

CWE-288

Yayın Tarihi

2026-02-10 07:16:13

Güncelleme

2026-02-13 20:53:19

Source Identifier

twcert@cert.org.tw

KEV Date Added

Kategoriler

CWE-288 Agentflow CRITICAL Flowring 2026

Referanslar

https://forum.flowring.com/post/view?bid=72&id=45611&tpg=1&ppg=1&sty=1#45939 https://www.twcert.org.tw/en/cp-139-10700-3534d-2.html https://www.twcert.org.tw/tw/cp-132-10699-49c0b-1.html

Benzer Kayıtlar

Critical

CVE-2026-2096

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to…

High

CVE-2026-2097

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to u…

Medium

CVE-2026-2098

AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote atta…

Medium

CVE-2026-2099

AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers…

Critical

CVE-2025-3709

Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attacker…