CVE-2026-58195
Agentic-Flow (MCP server tools) prior to version 2.0.14 is vulnerable to OS command injection. In affected code paths, tool parameters such as agent, task, name, language, and agentdb could be interpolated directly into shell command strings passed to execSync(), enabling arbitrary command execut...