<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/" version="2.0">
  <channel>
    <title>Most recent sightings.</title>
    <link>https://vulnerability.circl.lu</link>
    <description>Contains only the 10 most recent sightings.</description>
    <docs>http://www.rssboard.org/rss-specification</docs>
    <generator>python-feedgen</generator>
    <language>en</language>
    <lastBuildDate>Mon, 22 Jun 2026 15:33:49 +0000</lastBuildDate>
    <item>
      <title>690d89f0-1118-4218-b6b9-086e3ad2743e</title>
      <link>https://vulnerability.circl.lu/sighting/690d89f0-1118-4218-b6b9-086e3ad2743e/export</link>
      <description>{"uuid": "690d89f0-1118-4218-b6b9-086e3ad2743e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-VCV2-R9JH-99M5", "type": "seen", "source": "https://gist.github.com/alon710/fca46c1ce608de0751f3ec7bdc815dc8", "content": "# GHSA-VCV2-R9JH-99M5: GHSA-VCV2-R9JH-99M5: OS Command Injection in agentic-flow MCP Server Tools\n\n&amp;gt; **CVSS Score:** 8.8\n&amp;gt; **Published:** 2026-06-19\n&amp;gt; **Full Report:** https://cvereports.com/reports/GHSA-VCV2-R9JH-99M5\n\n## Summary\nAn OS command injection vulnerability (CWE-78) exists in agentic-flow versions 2.0.13 and prior. The package's Model Context Protocol (MCP) server tools directly interpolate user-controlled parameters into shell command strings executed via child_process.execSync without validation. If an AI agent processes untrusted external input and forwards it as parameters to any affected tool, an attacker can break out of the shell argument quotes and execute arbitrary OS commands on the host machine.\n\n## TL;DR\nUnsanitized parameters passed to agentic-flow MCP tools are executed directly in system shells via Node.js execSync, enabling remote attackers to run arbitrary OS commands when an AI agent processes malicious external content.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-78\n- **Attack Vector**: Network (Unauthenticated) / User Interaction Required (AI processing untrusted input)\n- **CVSS Severity**: 8.8 (High)\n- **Exploit Status**: PoC Available / Verified\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- agentic-flow &amp;lt;= 2.0.13\n- ruflo &amp;lt; 3.12.4\n- claude-flow &amp;lt; 3.12.4\n- @claude-flow/cli &amp;lt; 3.12.4\n- **agentic-flow**: &amp;lt;= 2.0.13 (Fixed in: `2.0.14`)\n\n## Mitigation\n\n- Upgrade agentic-flow to version 2.0.14 or later\n- Ensure all dependent packages (ruflo, claude-flow) are updated to version 3.12.4\n- Deploy 
runtime execution sandboxing for all MCP servers\n\n**Remediation Steps:**\n1. Identify affected Node.js installations running agentic-flow &amp;lt;= 2.0.13\n2. Update package.json dependencies to target version 2.0.14 or higher\n3. Run npm install to apply the patch\n4. Verify that the process tree running MCP tools lacks shell execution rights\n\n## References\n\n- [GHSA-VCV2-R9JH-99M5 Advisory](https://github.com/ruvnet/agentic-flow/security/advisories/GHSA-vcv2-r9jh-99m5)\n- [Vulnerability Issue Discussion](https://github.com/ruvnet/agentic-flow/issues/169)\n- [Remediation Pull Request](https://github.com/ruvnet/agentic-flow/pull/170)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-VCV2-R9JH-99M5) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T15:42:13.000000Z"}</description>
      <content:encoded>{"uuid": "690d89f0-1118-4218-b6b9-086e3ad2743e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "GHSA-VCV2-R9JH-99M5", "type": "seen", "source": "https://gist.github.com/alon710/fca46c1ce608de0751f3ec7bdc815dc8", "content": "# GHSA-VCV2-R9JH-99M5: GHSA-VCV2-R9JH-99M5: OS Command Injection in agentic-flow MCP Server Tools\n\n&amp;gt; **CVSS Score:** 8.8\n&amp;gt; **Published:** 2026-06-19\n&amp;gt; **Full Report:** https://cvereports.com/reports/GHSA-VCV2-R9JH-99M5\n\n## Summary\nAn OS command injection vulnerability (CWE-78) exists in agentic-flow versions 2.0.13 and prior. The package's Model Context Protocol (MCP) server tools directly interpolate user-controlled parameters into shell command strings executed via child_process.execSync without validation. If an AI agent processes untrusted external input and forwards it as parameters to any affected tool, an attacker can break out of the shell argument quotes and execute arbitrary OS commands on the host machine.\n\n## TL;DR\nUnsanitized parameters passed to agentic-flow MCP tools are executed directly in system shells via Node.js execSync, enabling remote attackers to run arbitrary OS commands when an AI agent processes malicious external content.\n\n## Exploit Status: POC\n\n## Technical Details\n\n- **CWE ID**: CWE-78\n- **Attack Vector**: Network (Unauthenticated) / User Interaction Required (AI processing untrusted input)\n- **CVSS Severity**: 8.8 (High)\n- **Exploit Status**: PoC Available / Verified\n- **KEV Status**: Not Listed\n\n## Affected Systems\n\n- agentic-flow &amp;lt;= 2.0.13\n- ruflo &amp;lt; 3.12.4\n- claude-flow &amp;lt; 3.12.4\n- @claude-flow/cli &amp;lt; 3.12.4\n- **agentic-flow**: &amp;lt;= 2.0.13 (Fixed in: `2.0.14`)\n\n## Mitigation\n\n- Upgrade agentic-flow to version 2.0.14 or later\n- Ensure all dependent packages (ruflo, claude-flow) are updated to version 3.12.4\n- Deploy 
runtime execution sandboxing for all MCP servers\n\n**Remediation Steps:**\n1. Identify affected Node.js installations running agentic-flow &amp;lt;= 2.0.13\n2. Update package.json dependencies to target version 2.0.14 or higher\n3. Run npm install to apply the patch\n4. Verify that the process tree running MCP tools lacks shell execution rights\n\n## References\n\n- [GHSA-VCV2-R9JH-99M5 Advisory](https://github.com/ruvnet/agentic-flow/security/advisories/GHSA-vcv2-r9jh-99m5)\n- [Vulnerability Issue Discussion](https://github.com/ruvnet/agentic-flow/issues/169)\n- [Remediation Pull Request](https://github.com/ruvnet/agentic-flow/pull/170)\n\n\n---\n*Generated by [CVEReports](https://cvereports.com/reports/GHSA-VCV2-R9JH-99M5) - Automated Vulnerability Intelligence*", "creation_timestamp": "2026-06-19T15:42:13.000000Z"}</content:encoded>
      <guid isPermaLink="false">https://vulnerability.circl.lu/sighting/690d89f0-1118-4218-b6b9-086e3ad2743e/export</guid>
      <pubDate>Fri, 19 Jun 2026 15:42:13 +0000</pubDate>
    </item>
  </channel>
</rss>
