CVE-2026-2099
📋 TL;DR
AgentFlow software by Flowring contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript. When users load affected pages, the injected code executes in their browsers, potentially compromising their sessions or stealing data. This affects all users of vulnerable AgentFlow installations.
💻 Affected Systems
- AgentFlow by Flowring
📦 What is this software?
Agentflow by Flowring
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, hijack user sessions, perform actions as authenticated users, or deploy malware to client browsers.
Likely Case
Attackers steal session cookies or authentication tokens to gain unauthorized access, potentially leading to data theft or privilege escalation.
If Mitigated
With proper input validation and output encoding, malicious scripts would be neutralized before reaching user browsers.
🎯 Exploit Status
Stored XSS vulnerabilities are commonly exploited; requires authenticated access but payload persists across sessions
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in references; check vendor advisory for specific version
Vendor Advisory: https://www.twcert.org.tw/en/cp-139-10700-3534d-2.html
Restart Required: Yes
Instructions:
1. Check Flowring's security advisory for patch details. 2. Download and apply the latest AgentFlow update. 3. Restart the AgentFlow service. 4. Verify the fix by testing input validation.
🔧 Temporary Workarounds
Implement Content Security Policy
allAdd CSP headers to restrict script execution sources
Add 'Content-Security-Policy: script-src 'self'' to web server headers
Input Validation Filter
allImplement server-side input sanitization for all user inputs
Implement HTML entity encoding for all user-controlled output
🧯 If You Can't Patch
- Implement web application firewall with XSS protection rules
- Restrict user permissions to minimize attack surface
🔍 How to Verify
Check if Vulnerable:
Test user input fields by submitting basic XSS payloads like <script>alert('test')</script> and check if they executeCheck Version:
Check AgentFlow version in administration panel or configuration filesVerify Fix Applied:
After patching, retest with XSS payloads to confirm they are properly sanitized or blocked📡 Detection & Monitoring
Log Indicators:
- Unusual long strings in user input fields
- JavaScript patterns in POST/PUT requests
- Multiple failed XSS attempts
Network Indicators:
- POST requests containing script tags or JavaScript functions
- Unusual content-type submissions
SIEM Query:
source="web_logs" AND (http_method="POST" OR http_method="PUT") AND (message="*<script>*" OR message="*javascript:*")