Flowring Agentflow
9 CVEs affecting Flowring Agentflow. Latest disclosed: 2026-02-10. Critical: 4, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-2096 | Critical | 9.8 | 2026-02-10 | Agentflow developed by Flowring has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database cont… |
CVE-2026-2095 | Critical | 9.8 | 2026-02-10 | Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to ob… |
CVE-2025-3709 | Critical | 9.8 | 2025-05-02 | Agentflow from Flowring Technology has an Account Lockout Bypass vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to perf… |
CVE-2022-39036 | Critical | 9.8 | 2022-11-10 | The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulner… |
CVE-2026-2097 | High | 8.8 | 2026-02-10 | Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors… |
CVE-2022-39038 | High | 8.8 | 2022-11-10 | Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account t… |
CVE-2022-39037 | High | 7.5 | 2022-11-10 | Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentica… |
CVE-2026-2098 | Medium | 6.1 | 2026-02-10 | AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript c… |
CVE-2026-2099 | Medium | 5.4 | 2026-02-10 | AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes… |