Cyber Resilience

CVE-2026-2095

Critical

Published: 10 February 2026

Published
10 February 2026
Modified
13 February 2026
KEV Added
Patch
CVSS Score v4 9.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0051 39.3th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2026-2095 is a critical-severity Authentication Bypass Using an Alternate Path or Channel (CWE-288) vulnerability in Flowring Agentflow. Its CVSS base score is 9.3 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 39.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-2 (Identification and Authentication (Organizational Users)) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2026-2095 is an Authentication Bypass vulnerability in Agentflow, a product developed by Flowring. The flaw, associated with CWE-288, enables unauthenticated remote attackers to exploit a specific functionality within the software to obtain arbitrary user authentication tokens. This allows attackers to log into the system impersonating any user. The vulnerability received a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating critical severity due to its network accessibility, low complexity, and lack of prerequisites.

Unauthenticated attackers can exploit this vulnerability remotely over the network without user interaction or privileges. Successful exploitation grants full access to the system as any targeted user, potentially leading to complete compromise including high confidentiality, integrity, and availability impacts as reflected in the CVSS metrics.

Mitigation details are available in advisories published by Flowring and TWCERT, accessible at https://forum.flowring.com/post/view?bid=72&id=45611&tpg=1&ppg=1&sty=1#45939, https://www.twcert.org.tw/en/cp-139-10700-3534d-2.html, and https://www.twcert.org.tw/tw/cp-132-10699-49c0b-1.html. The vulnerability was published on 2026-02-10.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

Agentflow developed by Flowring has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to exploit a specific functionality to obtain arbitrary user authentication token and log into the system as any user.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1212 Exploitation for Credential Access Credential Access
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
T1528 Steal Application Access Token Credential Access
Adversaries can steal application access tokens as a means of acquiring credentials to access remote systems and resources.
Why these techniques?

The vulnerability is an unauthenticated remote authentication bypass in a network-accessible application (T1190), directly exploited to obtain arbitrary user authentication tokens (T1528, T1212).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-2096Same product: Flowring Agentflow
CVE-2026-2097Same product: Flowring Agentflow
CVE-2025-68620Shared CWE-288
CVE-2026-44574Shared CWE-288
CVE-2025-2747Shared CWE-288
CVE-2025-69101Shared CWE-288
CVE-2026-2628Shared CWE-288
CVE-2025-64121Shared CWE-288
CVE-2026-22733Shared CWE-288
CVE-2026-44575Shared CWE-288

Affected Assets

flowring
agentflow
all versions

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-2 requires identification, reporting, and correction of flaws like CVE-2026-2095, directly preventing exploitation of the authentication bypass vulnerability through patching.

prevent

IA-2 mandates unique identification and authentication for organizational users, preventing unauthenticated attackers from bypassing authentication to impersonate any user.

prevent

IA-5 ensures secure management and distribution of authenticators such as tokens, mitigating the acquisition of arbitrary authentication tokens by unauthenticated remote attackers.

References