Authentication Bypass Vulnerability in Agentflow by Flowring
CVE-2026-2095

9.3CRITICAL

Key Information:

Vendor

Flowring

Status
Agentflow
Vendor
CVE Published:
10 February 2026

What is CVE-2026-2095?

The Agentflow application, developed by Flowring, presents a serious security vulnerability that enables remote attackers to bypass authentication mechanisms. By exploiting a specific functionality, these attackers can gain unauthorized access and obtain arbitrary user authentication tokens, allowing them to log into the system as any user without valid credentials. This flaw poses significant risks to user accounts and data integrity, underscoring the need for immediate mitigation and security updates.

Affected Version(s)

Agentflow 0

References

https://www.twcert.org.tw/tw/cp-132-10699-49c0b-1.html
third-party-advisory
https://www.twcert.org.tw/en/cp-139-10700-3534d-2.html
third-party-advisory
https://forum.flowring.com/post/view?bid=72&id=45611&tpg=...
mitigationvendor-advisory

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.