CVE-2026-7466

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipelinepath parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the local AgentFlow API to...

CVE-2026-7466

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipelinepath parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the local AgentFlow API to...

AgentFlow 访问控制错误漏洞

AgentFlow is an open-source multi-agent orchestration and dependency graph execution tool developed by Bera Buddies. There is a security vulnerability in AgentFlow related to access control. This vulnerability stems from the local Web API accepting non-JSON content types at the POST /api/runs and...

CVE-2024-2195 Remote Code Execution in aimhubio/aim

A critical Remote Code Execution RCE vulnerability was identified in the aimhubio/aim project, specifically within the /api/runs/search/run/ endpoint, affecting versions = 3.0.0. The vulnerability resides in the runsearchapi function of the aim/web/api/runs/views.py file, where improper restricti...