Tag

Cve-2026-7466

1 brief RSS

AgentFlow Arbitrary Code Execution via Pipeline Path Manipulation (CVE-2026-7466)

AgentFlow is vulnerable to arbitrary code execution (CVE-2026-7466) by manipulating the `pipeline_path` parameter in POST requests to `/api/runs` and `/api/runs/validate`, allowing attackers to execute arbitrary Python code.

AgentFlow cve-2026-7466 rce code-injection

2r 1t 1c 5d ago