{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/berabuddies/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-7466"}],"_cs_exploited":false,"_cs_products":["AgentFlow"],"_cs_severities":["critical"],"_cs_tags":["cve-2026-7466","rce","code-injection"],"_cs_type":"advisory","_cs_vendors":["berabuddies"],"content_html":"\u003cp\u003eAgentFlow is susceptible to an arbitrary code execution vulnerability identified as CVE-2026-7466. This flaw stems from insufficient validation of the \u003ccode\u003epipeline_path\u003c/code\u003e parameter within the \u003ccode\u003e/api/runs\u003c/code\u003e and \u003ccode\u003e/api/runs/validate\u003c/code\u003e endpoints. By crafting malicious POST requests and supplying a user-controlled \u003ccode\u003epipeline_path\u003c/code\u003e, an attacker can induce the AgentFlow API to load and execute arbitrary Python pipeline files present on the server\u0026rsquo;s filesystem. Successful exploitation leads to code execution within the security context of the user running AgentFlow, potentially granting the attacker full control over the affected system. This vulnerability poses a significant threat to organizations utilizing AgentFlow, as it can lead to data breaches, system compromise, and other malicious activities.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies an AgentFlow instance running a vulnerable version.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a POST request to the \u003ccode\u003e/api/runs\u003c/code\u003e endpoint, including a \u003ccode\u003epipeline_path\u003c/code\u003e parameter.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003epipeline_path\u003c/code\u003e parameter is set to the path of a malicious Python file already existing on the AgentFlow server (or uploaded previously through other means).\u003c/li\u003e\n\u003cli\u003eThe attacker sends the malicious POST request to the \u003ccode\u003e/api/runs\u003c/code\u003e endpoint.\u003c/li\u003e\n\u003cli\u003eAgentFlow processes the request without properly validating the \u003ccode\u003epipeline_path\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eAgentFlow loads and executes the Python file specified in the \u003ccode\u003epipeline_path\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker-controlled Python code executes with the privileges of the AgentFlow process.\u003c/li\u003e\n\u003cli\u003eThe attacker achieves arbitrary code execution, potentially leading to complete system compromise, data exfiltration, or denial of service.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-7466 allows an attacker to execute arbitrary code on the AgentFlow server. This can lead to a complete compromise of the system, including the theft of sensitive data, modification of critical system files, or the installation of backdoors for persistent access. The severity of the impact depends on the privileges of the user account running AgentFlow, but in many cases, it can lead to full system administrator access.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eImplement input validation and sanitization on the \u003ccode\u003epipeline_path\u003c/code\u003e parameter within the \u003ccode\u003e/api/runs\u003c/code\u003e and \u003ccode\u003e/api/runs/validate\u003c/code\u003e endpoints to prevent arbitrary file loading and execution.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for POST requests to \u003ccode\u003e/api/runs\u003c/code\u003e and \u003ccode\u003e/api/runs/validate\u003c/code\u003e containing suspicious \u003ccode\u003epipeline_path\u003c/code\u003e values (see example Sigma rule below).\u003c/li\u003e\n\u003cli\u003eRestrict file system permissions to limit the ability of the AgentFlow user to read and execute arbitrary Python files.\u003c/li\u003e\n\u003cli\u003eApply available patches or updates for AgentFlow as soon as they are released to address this vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T19:16:27Z","date_published":"2026-04-29T19:16:27Z","id":"/briefs/2026-04-agentflow-rce/","summary":"AgentFlow is vulnerable to arbitrary code execution (CVE-2026-7466) by manipulating the `pipeline_path` parameter in POST requests to `/api/runs` and `/api/runs/validate`, allowing attackers to execute arbitrary Python code.","title":"AgentFlow Arbitrary Code Execution via Pipeline Path Manipulation (CVE-2026-7466)","url":"https://feed.craftedsignal.io/briefs/2026-04-agentflow-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Berabuddies","version":"https://jsonfeed.org/version/1.1"}