CVE-2026-58195 | ruvnet agentic-flow up to 2.0.13 MCP Server Tools standalone-stdio.ts execSync agent/task/name/language/agentdb os command injection
A vulnerability marked as critical has been reported in ruvnet agentic-flow up to 2.0.13. This affects the function execSync of the file src/mcp/standalone-stdio.ts of the component MCP Server Tools. This manipulation of the argument agent/task/name/language/agentdb causes os command injection.
This vulnerability is registered as CVE-2026-58195. Remote exploitation of the attack is possible. No exploit is available.VulDB Recent EntriesRead More