CVE 9.3 CRITICAL

Flowring｜Agentflow – Authentication Bypass_CVE-2026-2095

February 10, 2026 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.

AI Analysis

Authentication Bypass vulnerability allowing unauthenticated remote attackers to obtain arbitrary user authentication tokens

Basic Information

ID CVE-2026-2095

Source twcert

Published Feb 10, 2026 at 06:53

Affected Product

Vendor Flowring

Product Agentflow

Affected Versions Flowring Agentflow 0

CWE Classification

CWE-288

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor Flowring

Product Agentflow

References

{
    "lastseen": "",
    "description": "Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.",
    "published": "2026-02-10T06:53:17.947Z",
    "modified": "2026-02-10T06:53:17.947Z",
    "type": "cve",
    "title": "Flowring\uff5cAgentflow - Authentication Bypass",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10699-49c0b-1.html\nhttps://www.twcert.org.tw/en/cp-139-10700-3534d-2.html\nhttps://forum.flowring.com/post/view?bid=72&id=45611&tpg=1&ppg=1&sty=1#45939",
    "id": "CVE-2026-2095",
    "bulletinFamily": "",
    "cwe": [
        "CWE-288"
    ],
    "cvelist": null,
    "sourceData": "Flowring Agentflow 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Agentflow",
    "version": "0",
    "vendor": "Flowring",
    "ai_description": "Authentication Bypass vulnerability allowing unauthenticated remote attackers to obtain arbitrary user authentication tokens",
    "ai_severity": "Critical",
    "ai_vendor": "Flowring",
    "ai_product": "Agentflow",
    "ai_version": "0",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply