Agentflow Security Vulnerabilities and Issues — Agentflow CVE List

FlowringAgentflow

9 matches found

CVE•added 2022/11/10 2:20 a.m.•68 views

CVE-2022-39037

CVE-2022-39037 affects Flowring Technology’s Agentflow BPM, where the file download feature suffers a path traversal flaw. An unauthenticated remote attacker can rely on this to bypass authentication and download arbitrary system files. The vulnerability is documented across multiple sources (NVD...

7.5CVSS7.8AI score0.01224EPSS

CVE•added 2025/05/02 3:13 a.m.•64 views

CVE-2025-3709

CVE-2025-3709 concerns Flowring Technology’s Agentflow (Flowring Agentflow BPM). The vulnerability is an Account Lockout Bypass that enables unauthenticated remote attackers to perform password brute-force attempts. Affected component: Agentflow in Flowring Technology’s BPM product. Root cause: b...

9.8CVSS9.7AI score0.00477EPSS

CVE•added 2022/11/10 2:20 a.m.•56 views

CVE-2022-39038

The CVE concerns Flowring Technology’s Agentflow BPM Enterprise Management System. Affected component: improper authentication that allows a remote attacker with general user privileges to rename a user account, enabling arbitrary account privilege escalation and potential to access, manipulate, ...

8.8CVSS8.8AI score0.00852EPSS

CVE•added 2022/11/10 2:20 a.m.•50 views

CVE-2022-39036

The CVE-2022-39036 entry concerns Flowring Technology’s Agentflow BPM. The vulnerability is a file upload flaw caused by insufficient filtering of special characters in URLs, enabling an unauthenticated remote attacker to upload arbitrary files and execute arbitrary code, potentially manipulating...

9.8CVSS9.9AI score0.01152EPSS

CVE•added 2026/02/10 6:53 a.m.•14 views

CVE-2026-2095

CVE-2026-2095 concerns Agentflow by Flowring, where an Authentication Bypass allows unauthenticated remote attackers to obtain arbitrary user authentication tokens and log in as any user. The entry lists a critical impact with high confidentiality, integrity, and availability concerns (CVSS v3.1/...

9.8CVSS5.8AI score0.00507EPSS

CVE•added 2026/02/10 6:59 a.m.•13 views

CVE-2026-2096

CVE-2026-2096 (Flowring Agentflow) : The vulnerability is a Missing Authentication issue in Agentflow by Flowring that allows unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality. Reported impact is high/critical (CVSS v4.0 base 9.3 with...

9.8CVSS5.5AI score0.00519EPSS

CVE•added 2026/02/10 7:6 a.m.•13 views

CVE-2026-2098

AgentFlow (Flowring) CVE-2026-2098 describes a Reflected Cross-site Scripting vulnerability that allows unauthenticated remote attackers to run arbitrary JavaScript in a user’s browser via phishing. The entry specifies network attack vector, low attack complexity, and user interaction required (a...

6.1CVSS6AI score0.00201EPSS

CVE•added 2026/02/10 7:2 a.m.•11 views

CVE-2026-2097

CVE-2026-2097 concerns Agentflow (Flowring) with an Arbitrary File Upload vulnerability that authenticated remote attackers can abuse to upload and execute web shell backdoors, enabling arbitrary code execution on the server. The vulnerability is rated HIGH (CVSS v4.0: 8.7; v3.1: 8.8) with NETWOR...

8.8CVSS6.5AI score0.00437EPSS

CVE•added 2026/02/10 7:9 a.m.•10 views

CVE-2026-2099

CVE-2026-2099 concerns AgentFlow by Flowring, which presents a Stored Cross-Site Scripting (XSS) vulnerability. Authe nticated remote attackers can inject persistent JavaScript that executes in users’ browsers when the page loads. Current metrics (TW CERT references) indicate a MEDIUM severity wi...

5.4CVSS5.5AI score0.00165EPSS