Flowring Agentflow Authentication Bypass Vulnerability

Vulnerability

An authentication bypass vulnerability has been identified in Agentflow, a product developed by Flowring. This vulnerability allows unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication tokens, enabling them to log into the system as any user. The issue is present in all versions of Agentflow.

Impact

Exploitation of this vulnerability allows for unauthorized access to the system, with the attacker able to log in as any user.

Remediation

To mitigate this vulnerability, it is recommended to restrict access to the AgentflowWeb.jws file by configuring the RemoteAddrFilter in the web.xml file. This can be done by specifying which IP addresses are allowed to connect to the web service. For issues that have already caused operational problems, contact Flowring's customer service.
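
One way to check that a deployed web.xml actually applies this restriction, as an added example that is not Flowring's code or part of the original advisory. It assumes the filter is Apache Tomcat's org.apache.catalina.filters.RemoteAddrFilter with its allow regular expression; the sample web.xml, the *.jws url-pattern, the request path and the addresses are constructed placeholders, and only the allow parameter is modelled.

```python
import re
import xml.etree.ElementTree as ET
# Constructed sample: class and "allow" parameter are Tomcat's RemoteAddrFilter
# (assumed); url-pattern and addresses are placeholders, not advisory values.
SAMPLE_WEB_XML = r"""<web-app>
  <filter>
    <filter-name>JwsAddrFilter</filter-name>
    <filter-class>org.apache.catalina.filters.RemoteAddrFilter</filter-class>
    <init-param>
      <param-name>allow</param-name>
      <param-value>127\.0\.0\.1|10\.20\.30\.\d+</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>JwsAddrFilter</filter-name>
    <url-pattern>*.jws</url-pattern>
  </filter-mapping>
</web-app>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # ignore any XML namespace

def _text(elem, name):
    return next(((c.text or "").strip() for c in elem if _local(c.tag) == name), "")

def _covers(pattern, path):
    """Servlet url-pattern match: extension, path prefix, or exact."""
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    if pattern.endswith("/*"):
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    return pattern == path

def jws_allow_rules(web_xml, path="/AgentflowWeb.jws"):
    """Allow regexes of every RemoteAddrFilter whose mapping covers path."""
    allow, mapped = {}, set()
    for elem in ET.fromstring(web_xml):
        if _local(elem.tag) == "filter" and _text(elem, "filter-class").endswith("RemoteAddrFilter"):
            for p in (c for c in elem if _local(c.tag) == "init-param"):
                if _text(p, "param-name") == "allow":
                    allow[_text(elem, "filter-name")] = _text(p, "param-value")
        elif _local(elem.tag) == "filter-mapping":
            if any(_local(c.tag) == "url-pattern" and _covers((c.text or "").strip(), path) for c in elem):
                mapped.add(_text(elem, "filter-name"))
    return [allow[name] for name in sorted(mapped) if name in allow]

def is_permitted(web_xml, client_ip, path="/AgentflowWeb.jws"):
    """True if client_ip would reach path; an unfiltered path admits everyone."""
    return all(re.fullmatch(r, client_ip) for r in jws_allow_rules(web_xml, path))
```

An empty result from jws_allow_rules means no address filter covers the file, so is_permitted returns True for every client.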

Added: Feb 10, 2026, 9:04 AM
Updated: Feb 10, 2026, 9:04 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 4.3
remediation: 7.9
relevance: 2.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.