Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NFlowring Agentflow
APPFlowring4.0.0.1183.552
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path TraversalAuth Bypass
Related vulnerabilities
CVE-2026-2095CRITICAL9.3PL ✓ten sam produkt
Pomijanie uwierzytelnienia w Flowring Agentflow — przejęcie tokenu dowolnego użytkownika
CVE-2026-2096CRITICAL9.3PL ✓ten sam produkt
Flowring Agentflow — brak uwierzytelnienia umożliwia manipulację bazą danych
CVE-2025-3709CRITICAL9.8PL ✓ten sam produkt
Flowring Agentflow — pominięcie blokady konta umożliwia atak brute force
CVE-2022-39036CRITICAL9.8ten sam produkt
The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauth...
CVE-2026-2097HIGH8.7ten sam produkt
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote atta...