Vulnerability  ·  2026-07-18

Agentic-Flow MCP Server OS Command Injection (CVE-2026-58195)

VulnerabilityHigh impactGlobalCVE-2026-58195
Agentic-Flow, an AI agent orchestration platform, contains an OS command injection vulnerability prior to version 2.0.14 across multiple MCP server implementations (standalone-stdio.ts, claude-flow-sdk.ts, stdio-full.ts, http-streaming-updated.ts, http-sse.ts). Published to NVD 2026-07-17, CVSS 8.8 (High).
Agentic-Flow's MCP servers are tool-execution surfaces directly callable by AI agents; an OS command injection there gives an attacker who can reach the MCP interface (or manipulate agent tool-call inputs via prompt injection) a direct path to arbitrary command execution on the host running the agent orchestration platform.
Command injection via MCP server tool parameters across multiple standalone/stdio/HTTP-streaming/SSE MCP server implementations
Agentic-Flow (ruvnet/agentic-flow) prior to 2.0.14
Upgrade to agentic-flow 2.0.14 or later; see GitHub commit 0c2ec967736a8b6b85832c6bae2a3e74989705ec
GitHub commit — agentic-flow fixNVD CVE-2026-58195
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →