{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2095", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "state": "PUBLISHED", "assignerShortName": "twcert", "dateReserved": "2026-02-06T11:02:46.628Z", "datePublished": "2026-02-10T06:53:17.947Z", "dateUpdated": "2026-02-10T19:34:22.341Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Agentflow", "vendor": "Flowring", "versions": [{"status": "affected", "version": "0"}]}], "datePublic": "2026-02-10T06:50:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user."}], "value": "Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user."}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 9.3, "baseSeverity": "CRITICAL", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2026-02-10T06:53:17.947Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-10699-49c0b-1.html"}, {"tags": ["third-party-advisory"], "url": "https://www.twcert.org.tw/en/cp-139-10700-3534d-2.html"}, {"tags": ["mitigation", "vendor-advisory"], "url": "https://forum.flowring.com/post/view?bid=72&id=45611&tpg=1&ppg=1&sty=1#45939"}], "source": {"advisory": "TVN-202606002", "discovery": "EXTERNAL"}, "title": "Flowring\uff5cAgentflow - Authentication Bypass", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Please refer to the following official instructions and take the appropriate mitigation measures:<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://forum.flowring.com/post/view?bid=72&amp;id=45611&amp;tpg=1&amp;ppg=1&amp;sty=1#45939\">https://forum.flowring.com/post/view?bid=72&amp;id=45611&amp;tpg=1&amp;ppg=1&amp;sty=1#45939</a><br><br>"}], "value": "Please refer to the following official instructions and take the appropriate mitigation measures:\n https://forum.flowring.com/post/view?bid=72&id=45611&tpg=1&ppg=1&sty=1#45939"}], "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-10T19:34:11.611908Z", "id": "CVE-2026-2095", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T19:34:22.341Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2095", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-10T19:34:11.611908Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T19:34:18.003Z"}}], "cna": {"title": "Flowring\uff5cAgentflow - Authentication Bypass", "source": {"advisory": "TVN-202606002", "discovery": "EXTERNAL"}, "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115 Authentication Bypass"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 9.3, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Flowring", "product": "Agentflow", "versions": [{"status": "affected", "version": "0"}], "defaultStatus": "unaffected"}], "datePublic": "2026-02-10T06:50:00.000Z", "references": [{"url": "https://www.twcert.org.tw/tw/cp-132-10699-49c0b-1.html", "tags": ["third-party-advisory"]}, {"url": "https://www.twcert.org.tw/en/cp-139-10700-3534d-2.html", "tags": ["third-party-advisory"]}, {"url": "https://forum.flowring.com/post/view?bid=72&id=45611&tpg=1&ppg=1&sty=1#45939", "tags": ["mitigation", "vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Please refer to the following official instructions and take the appropriate mitigation measures:\n https://forum.flowring.com/post/view?bid=72&id=45611&tpg=1&ppg=1&sty=1#45939", "supportingMedia": [{"type": "text/html", "value": "Please refer to the following official instructions and take the appropriate mitigation measures:<br><a target=\"_blank\" rel=\"nofollow\" href=\"https://forum.flowring.com/post/view?bid=72&amp;id=45611&amp;tpg=1&amp;ppg=1&amp;sty=1#45939\">https://forum.flowring.com/post/view?bid=72&amp;id=45611&amp;tpg=1&amp;ppg=1&amp;sty=1#45939</a><br><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.", "supportingMedia": [{"type": "text/html", "value": "Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-288", "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel"}]}], "providerMetadata": {"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert", "dateUpdated": "2026-02-10T06:53:17.947Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2095", "state": "PUBLISHED", "dateUpdated": "2026-02-10T19:34:22.341Z", "dateReserved": "2026-02-06T11:02:46.628Z", "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "datePublished": "2026-02-10T06:53:17.947Z", "assignerShortName": "twcert"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:flowring:agentflow:*:*:*:*:*:*:*:*", "matchCriteriaId": "488D23DA-9DF9-4694-9148-FD4DFFC90173", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user."}], "id": "CVE-2026-2095", "lastModified": "2026-02-13T20:53:19.297", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "twcert@cert.org.tw", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2026-02-10T07:16:13.903", "references": [{"source": "twcert@cert.org.tw", "tags": ["Vendor Advisory"], "url": "https://forum.flowring.com/post/view?bid=72&id=45611&tpg=1&ppg=1&sty=1#45939"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/en/cp-139-10700-3534d-2.html"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-10699-49c0b-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-288"}], "source": "twcert@cert.org.tw", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "0"}}], "product": "agentflow", "vendor": "flowring"}], "analysis": {"en": {"generated_at": "2026-04-18T12:52:46.900534+00:00", "value": {"mitigation_remediation": ["Follow the official Flowring forum instructions at https://forum.flowring.com/post/view?bid=72&id=45611&tpg=1&ppg=1&sty=1#45939 to mitigate the authentication bypass, e.g., disabling or securing the vulnerable endpoint.", "Restrict network access to the Agentflow service by firewall rules, allowing only trusted IP ranges to contact the authentication endpoint.", "Monitor system logs for repeated attempts to retrieve authentication tokens or unauthorized login activity, and alert on suspicious patterns."], "summary": {"action": "Apply Workaround", "impact": "Authentication Bypass enabling arbitrary user login"}, "threat_synthesis": {"affected_systems": "The affected product is Flowring Agentflow. No specific version information is provided, so any installation of this product remains potentially vulnerable.", "description_and_impact": "Agentflow developed by Flowring contains an authentication bypass flaw that allows unauthenticated remote attackers to obtain an arbitrary user authentication token and log into the system as any user. The weakness is a classic authorization bypass (CWE\u2011288) with severe implications for confidentiality, integrity, and overall system control.", "risk_and_exploitability": "The CVSS score of 9.3 places this flaw in the critical range, indicating that exploitation would grant full system access. The EPSS score of less than 1% shows that current exploitation probability is low, but the high severity and absence of a KEV listing suggest that organizations should still act with high caution. The likely attack vector involves the web or API interface that permits retrieval of authentication tokens, enabling unauthenticated remote exploitation."}}}}, "created": "2026-02-10T11:34:29.221271+00:00", "updated": "2026-04-18T13:00:08.746801+00:00", "vendors": ["flowring", "flowring$PRODUCT$agentflow"]}