CVE-2026-2098

AgentFlow developed by Flowring has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
Configurations

Configuration 1 (hide)

cpe:2.3:a:flowring:agentflow:*:*:*:*:*:*:*:*

History

17 Jun 2026, 10:30

Type Values Removed Values Added
Summary
  • (es) AgentFlow desarrollado por Flowring tiene una vulnerabilidad de cross-site scripting reflejado, permitiendo a atacantes remotos no autenticados ejecutar códigos JavaScript arbitrarios en el navegador del usuario a través de ataques de phishing.

13 Feb 2026, 20:49

Type Values Removed Values Added
References () https://www.twcert.org.tw/en/cp-139-10700-3534d-2.html - () https://www.twcert.org.tw/en/cp-139-10700-3534d-2.html - Third Party Advisory
References () https://www.twcert.org.tw/tw/cp-132-10699-49c0b-1.html - () https://www.twcert.org.tw/tw/cp-132-10699-49c0b-1.html - Third Party Advisory
CPE cpe:2.3:a:flowring:agentflow:*:*:*:*:*:*:*:*
First Time Flowring agentflow
Flowring

10 Feb 2026, 07:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-02-10 07:16

Updated : 2026-06-17 10:30


NVD link : CVE-2026-2098

Mitre link : CVE-2026-2098

CVE.ORG link : CVE-2026-2098


JSON object : View

Products Affected

flowring

  • agentflow
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')