17 matches found
EUVD-2026-23456
ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...
CVE-2026-40518
ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...
CVE-2026-40518
CVE-2026-40518 affects ByteDance DeerFlow prior to commit 2176b2b. The vulnerability is a path traversal and arbitrary file write in bootstrap-mode custom-agent creation where agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to inf...
CVE-2026-40518 ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode
ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...
CVE-2026-40518 ByteDance DeerFlow Path Traversal and Arbitrary File Write via Bootstrap Mode
ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...
CVE-2026-40518
ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...
PT-2026-33466
Name of the Vulnerable Software and Affected Versions ByteDance DeerFlow versions prior to commit 2176b2b Description An issue exists in bootstrap-mode custom-agent creation where the validation of the agent name is bypassed. This allows attackers to use absolute paths or traversal-style values a...
DeerFlow 安全漏洞
DeerFlow is an open-source orchestration framework developed by Bytedance, used to coordinate sub-agents and skill executions. DeerFlow has a security vulnerability, which stems from the bypass of agent name validation during the creation of custom agents in boot mode. This vulnerability may lead...
CVE-2026-34430
CVE-2026-34430 affects ByteDance DeerFlow versions before commit 92c7a20. A sandbox escape exists in the bash tool handling, allowing an attacker to bypass regex-based validation via shell features (e.g., directory changes, relative paths) and exploit incomplete shell semantics modeling to read/m...
CVE-2026-34430 ByteDance DeerFlow LocalSandboxProvider Host Bash Escape
ByteDance Deer-Flow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths. Attackers...
CVE-2026-34430
ByteDance DeerFlow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths. Attackers...
CVE-2026-34430 ByteDance DeerFlow LocalSandboxProvider Host Bash Escape
ByteDance DeerFlow versions prior to commit 92c7a20 contain a sandbox escape vulnerability in bash tool handling that allows attackers to execute arbitrary commands on the host system by bypassing regex-based validation using shell features such as directory changes and relative paths. Attackers...
DeerFlow 安全漏洞
DeerFlow is an open-source orchestration framework developed by Bytedance, used to coordinate sub-proxies and skill executions. Versions of DeerFlow prior to 92c7a20 contained security vulnerabilities. These vulnerabilities stemmed from sandbox escapes in bash tool processing. Attackers could...
CVE-2026-32859
ByteDance DeerFlow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by uploading malicious HTML or script content as artifacts. Attackers can store malicious content that executes in the...
CVE-2026-32859 ByteDance DeerFlow Stored XSS via Inline Artifact Rendering
ByteDance DeerFlow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by uploading malicious HTML or script content as artifacts. Attackers can store malicious content that executes in the...
CVE-2026-32859 ByteDance DeerFlow Stored XSS via Inline Artifact Rendering
ByteDance Deer-Flow versions prior to commit 5dbb362 contain a stored cross-site scripting vulnerability in the artifacts API that allows attackers to execute arbitrary scripts by uploading malicious HTML or script content as artifacts. Attackers can store malicious content that executes in the...
DeerFlow 安全漏洞
DeerFlow is an open-source orchestration framework developed by Bytedance, used to coordinate sub-agents and skill executions. Versions of DeerFlow prior to 5dbb362 contained security vulnerabilities. These vulnerabilities stemmed from a stored-cross-site scripting vulnerability in the artifacts...