All 8 CVE vulnerabilities found in Agentflow, with AI-generated Chinese analysis, references, and POCs.
Vendor: Flowring Technology
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2099 | Flowring|AgentFlow - Stored Cross-Site Scripting CWE-79 | 5.4 | Medium | 2026-02-10 |
| CVE-2026-2098 | Flowring|AgentFlow - Reflected Cross-site Scripting CWE-79 | 6.1 | Medium | 2026-02-10 |
| CVE-2026-2097 | Flowring|Agentflow - Arbitrary File Upload CWE-434 | 8.8 | High | 2026-02-10 |
| CVE-2026-2096 | Flowring|Agentflow - Missing Authenticaton CWE-288 | 9.8 | Critical | 2026-02-10 |
| CVE-2026-2095 | Flowring|Agentflow - Authentication Bypass CWE-288 | 9.8 | Critical | 2026-02-10 |
| CVE-2025-11899 | Flowring Technology|Agentflow - Use of Hard-coded Cryptographic Key CWE-321 | 8.1 | High | 2025-10-17 |
| CVE-2025-11898 | Flowring Technology|Agentflow - Arbitrary File Reading through Path Traversal CWE-23 | 7.5 | High | 2025-10-17 |
| CVE-2025-3709 | Flowring Technology Agentflow - Account Lockout Bypass CWE-307 | 9.8 | Critical | 2025-05-02 |
All 8 known CVE vulnerabilities affecting Agentflow with full Chinese analysis, references, and POCs where available.