Skip to content
CVSS 8.8 · HIGH

CVE-2026-7466

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the local AgentFlow API to load and execute existing Python pipeline files on disk, resulting in code execution in the context of the user running AgentFlow.

View on NVD

Analysis

AgentFlow versions are vulnerable to arbitrary code execution through the /api/runs endpoints. By manipulating the pipeline_path parameter, an attacker can force the system to execute Python pipeline files located on the host machine, potentially leading to a full system compromise in the context of the running user.

Severity

Score: 8.8(HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: NONE
UI: REQUIRED
S: UNCHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE): CWE-94

EPSS

Probability of exploitation (next 30 days): 0.0005 (0.0%)
Percentile: 14.9%
EPSS: 2026-05-06

Technical description

AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs and POST /api/runs/validate endpoints. Attackers can induce requests to the local AgentFlow API to load and execute existing Python pipeline files on disk, resulting in code execution in the context of the user running AgentFlow.

Published: 4/29/2026, 7:16:27 PM
Last modified: 4/30/2026, 3:44:48 PM

References

HomeEventsBlogResourcesTeam