CVE-2026-2097

High CVSS: 8.7

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Vendor

Flowring

Product

Agentflow

CWE

CWE-434

Yayın Tarihi

2026-02-10 07:16:14

Güncelleme

2026-02-13 20:51:42

Source Identifier

twcert@cert.org.tw

KEV Date Added

Kategoriler

CWE-434 Agentflow HIGH Flowring 2026

Referanslar

https://www.twcert.org.tw/en/cp-139-10700-3534d-2.html https://www.twcert.org.tw/tw/cp-132-10699-49c0b-1.html

Benzer Kayıtlar

Critical

CVE-2026-2096

Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to…

Medium

CVE-2026-2098

AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote atta…

Medium

CVE-2026-2099

AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers…

Critical

CVE-2026-2095

Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to…

Critical

CVE-2025-3709

Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attacker…