Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access, manipulate system or disrupt service.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HFlowring Agentflow
APPFlowring4.0.0.1183.552
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
Related vulnerabilities
CVE-2026-2095CRITICAL9.3PL ✓ten sam produkt
Pomijanie uwierzytelnienia w Flowring Agentflow — przejęcie tokenu dowolnego użytkownika
CVE-2026-2096CRITICAL9.3PL ✓ten sam produkt
Flowring Agentflow — brak uwierzytelnienia umożliwia manipulację bazą danych
CVE-2025-3709CRITICAL9.8PL ✓ten sam produkt
Flowring Agentflow — pominięcie blokady konta umożliwia atak brute force
CVE-2022-39036CRITICAL9.8ten sam produkt
The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauth...
CVE-2026-2097HIGH8.7ten sam produkt
Agentflow developed by Flowring has an Arbitrary File Upload vulnerability, allowing authenticated remote atta...