Unrated severityNVD Advisory· Published Feb 10, 2026· Updated Feb 10, 2026
Flowring|AgentFlow - Stored Cross-Site Scripting
CVE-2026-2099
Description
AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.twcert.org.tw/en/cp-139-10700-3534d-2.htmlmitrethird-party-advisory
- www.twcert.org.tw/tw/cp-132-10699-49c0b-1.htmlmitrethird-party-advisory
News mentions
0No linked articles in our index yet.