Synthesizing Multi-Agent Harnesses for Vulnerability Discovery

LLM agents have begun to find real security vulnerabilities that human auditors and automated fuzzers missed for decades, in source-available targets where the analyst can build and instrument the code. In practice the work is split among several agents, wired together by a harness: the program...

EUVD-2026-10930

Flowise affected by Server-Side Request Forgery SSRF in HTTP Node Leading to Internal Network Access...

CVE-2026-31829 Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.0.13, Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including...

PT-2026-26383

Summary A client authenticated with a shared gateway token could connect as role=node without device identity/pairing, then call node.event to trigger agent.request and voice.transcript flows. Affected Packages / Versions - Package: npm openclaw - Affected versions: = 2026.2.21-2 - Patched versio...

SUSE CVE-2024-8996

Unquoted Search Path or Element vulnerability in Grafana Agent Flow mode on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2...

CVE-2024-8996 Grafana Agent Flow on Windows Unquoted service path

Unquoted Search Path or Element vulnerability in Grafana Agent Flow mode on Windows allows Privilege Escalation from Local User to SYSTEM This issue affects Agent Flow: before 0.43.2...

Grafana Agent flow mode unquoted service path

On a windows machine, the Grafana Agent Flow mode service prior to version 0.43.1 is vulnerable to a privilege escalation from local user to SYSTEM due to an unquoted service path. It is recommended that you remove the Grafana Agent Flow installation and do a clean install. An update will not...