CVE 8.7 HIGH

Flowring｜Agentflow – Arbitrary File Upload_CVE-2026-2097

February 10, 2026 invoker category_cve

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

AI Analysis

Arbitrary File Upload vulnerability allowing remote attackers to upload and execute web shell backdoors

Basic Information

ID CVE-2026-2097

Source twcert

Published Feb 10, 2026 at 07:02

Affected Product

Vendor Flowring

Product Agentflow

Affected Versions Flowring Agentflow 0

CWE Classification

CWE-434

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor Flowring

Product Agentflow

References

{
    "lastseen": "",
    "description": "Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.",
    "published": "2026-02-10T07:02:30.835Z",
    "modified": "2026-02-10T07:02:30.835Z",
    "type": "cve",
    "title": "Flowring\uff5cAgentflow - Arbitrary File Upload",
    "source": "twcert",
    "references": "https://www.twcert.org.tw/tw/cp-132-10699-49c0b-1.html\nhttps://www.twcert.org.tw/en/cp-139-10700-3534d-2.html",
    "id": "CVE-2026-2097",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "Flowring Agentflow 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Agentflow",
    "version": "0",
    "vendor": "Flowring",
    "ai_description": "Arbitrary File Upload vulnerability allowing remote attackers to upload and execute web shell backdoors",
    "ai_severity": "High",
    "ai_vendor": "Flowring",
    "ai_product": "Agentflow",
    "ai_version": "0",
    "ai_score": 8.7
}

💭 Join the Security Discussion ❌ Cancel Reply