CVE-2026-2096

9.8 CRITICAL

📋 TL;DR

Agentflow software by Flowring has a Missing Authentication vulnerability (CWE-288) that allows unauthenticated remote attackers to directly access database functionality. This enables reading, modifying, and deleting database contents without any credentials. Organizations using vulnerable versions of Agentflow are affected.

💻 Affected Systems

Products:
  • Agentflow by Flowring
Versions: Specific versions not detailed in references, but all versions before the patch are likely affected
Operating Systems: All platforms running Agentflow
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in a specific functionality that lacks authentication checks. Default installations are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of database integrity and confidentiality - attackers can exfiltrate all data, modify records, delete critical information, or potentially execute arbitrary database commands.

🟠 Likely Case

Data theft and unauthorized modifications to database contents, potentially leading to data corruption, privacy violations, and operational disruption.

🟢 If Mitigated

Limited impact if proper network segmentation and authentication controls are implemented, though the vulnerability still exists at the application layer.

🌐 Internet-Facing: HIGH - Unauthenticated remote attackers can exploit this vulnerability directly over the network without any credentials.
🏢 Internal Only: HIGH - Even internal attackers or compromised systems can exploit this without authentication requirements.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires knowledge of the specific functionality but is straightforward to exploit once identified. No authentication bypass needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in references, but vendor has released fixes

Vendor Advisory: https://forum.flowring.com/post/view?bid=72&id=45611&tpg=1&ppg=1&sty=1#45939

Restart Required: Yes

Instructions:

1. Check the current Agentflow version.
2. Download and apply the latest patch from Flowring.
3. Restart the Agentflow service.
4. Verify the patch was applied successfully.

🔧 Temporary Workarounds

Network Access Restriction

Platform: Linux

Restrict network access to Agentflow instances using firewall rules so that only trusted IP addresses can reach the service.

# Example (replace the bracketed placeholders; the ACCEPT rule must precede the DROP rule):
iptables -A INPUT -p tcp --dport [AGENTFLOW_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [AGENTFLOW_PORT] -j DROP

Reverse Proxy with Authentication

Platform: All

Place Agentflow behind a reverse proxy that enforces authentication before forwarding requests.

# Configure nginx/apache with authentication
# Example nginx directives:
auth_basic 'Restricted';
auth_basic_user_file /etc/nginx/.htpasswd;
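An added example (not from the page or the vendor) of a complete nginx server block for this workaround; the upstream address, hostname, TLS paths and htpasswd file are assumed placeholders. The proxy only helps if Agentflow itself is unreachable except through it, so the backend is assumed bound to loopback or fenced off by the firewall rules above.

```nginx
# Added example: nginx terminating TLS and requiring HTTP basic auth before
# any request reaches Agentflow. All host/port/path values are placeholders.
upstream agentflow_backend {
    server 127.0.0.1:8080;   # placeholder: Agentflow bound to loopback only
}

server {
    listen 443 ssl;
    server_name agentflow.example.internal;            # placeholder hostname

    ssl_certificate     /etc/nginx/tls/agentflow.crt;   # placeholder paths
    ssl_certificate_key /etc/nginx/tls/agentflow.key;

    # Every request must carry valid credentials before it is proxied, which
    # closes off direct unauthenticated calls to the database functionality.
    auth_basic           "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;

    location / {
        proxy_pass         http://agentflow_backend;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
        # Drop the proxy's basic-auth header so it is not replayed to the
        # backend; omit this line if Agentflow consumes Authorization itself.
        proxy_set_header   Authorization     "";
    }
}
```

Create the credentials file with `htpasswd -c /etc/nginx/.htpasswd <user>` and reload nginx; the proxy then returns 401 for any request without credentials.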

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Agentflow instances from untrusted networks
  • Deploy a web application firewall (WAF) with authentication enforcement rules

🔍 How to Verify

Check if Vulnerable:

Attempt to access the specific functionality mentioned in advisories without authentication. If accessible, the system is vulnerable.

Check Version:

Check the Agentflow version through its administrative interface or configuration files (the specific command depends on the installation).

Verify Fix Applied:

After patching, attempt the same unauthenticated access - it should now require proper authentication or return an error.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated access attempts to database functionality
  • Unusual database operations from unauthenticated sources
  • Failed authentication attempts followed by successful database access

Network Indicators:

  • Unusual traffic patterns to Agentflow database endpoints
  • Database queries from unauthenticated sources

SIEM Query:

source="agentflow" AND ((event_type="database_access" AND auth_status="none") OR (http_status=200 AND auth_method="none" AND uri_contains="database"))
