What happened
Agentic-Flow, an AI agent orchestration platform, contains an OS command injection vulnerability prior to version 2.0.14 across multiple MCP server implementations (standalone-stdio.ts, claude-flow-sdk.ts, stdio-full.ts, http-streaming-updated.ts, http-sse.ts). Published to NVD 2026-07-17, CVSS 8.8 (High).
Why it matters
Agentic-Flow's MCP servers are tool-execution surfaces directly callable by AI agents; an OS command injection there gives an attacker who can reach the MCP interface (or manipulate agent tool-call inputs via prompt injection) a direct path to arbitrary command execution on the host running the agent orchestration platform.
Attack vector
Command injection via MCP server tool parameters across multiple standalone/stdio/HTTP-streaming/SSE MCP server implementations
Affected systems
Agentic-Flow (ruvnet/agentic-flow) prior to 2.0.14
Mitigation
Upgrade to agentic-flow 2.0.14 or later; see GitHub commit 0c2ec967736a8b6b85832c6bae2a3e74989705ec