CVE-2026-7466
AgentFlow · AgentFlow
AgentFlow is vulnerable to arbitrary code execution, allowing attackers to execute local Python files via the pipeline_path parameter in specific API endpoints.
Executive summary
AgentFlow contains a critical arbitrary code execution vulnerability that allows an attacker to execute arbitrary Python files on the host system.
Vulnerability
The vulnerability is an arbitrary code execution flaw in the POST /api/runs and POST /api/runs/validate endpoints. An attacker can supply a malicious, user-controlled pipeline_path parameter that causes the server to execute local Python pipeline files, and that execution may run with high-level system privileges.
Business impact
The CVSS score of 8.8 reflects the extreme risk associated with arbitrary code execution. A successful exploit could lead to a full system compromise, allowing an attacker to gain persistent access, steal data, or deploy malware within the server environment, resulting in severe operational impact.
Remediation
Immediate Action: Update AgentFlow to the latest version provided by the vendor; this is a critical security update.
Proactive Monitoring: Monitor API logs for unexpected POST requests to /api/runs or /api/runs/validate containing suspicious file paths.
Compensating Controls: Disable access to the affected API endpoints at the network edge or via a WAF if immediate patching is not feasible.
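A log review for the Proactive Monitoring step might look like the following. This is an added example, not AgentFlow code or vendor tooling. Only the two endpoints and the pipeline_path parameter come from the advisory; the JSON-lines log format (ts, src, method, path, body fields), the approved directory /srv/agentflow/pipelines and the sample records are assumptions constructed for illustration.

```python
import json
import posixpath

WATCHED = {"/api/runs", "/api/runs/validate"}   # endpoints named in the advisory
ALLOWED_ROOT = "/srv/agentflow/pipelines"       # hypothetical approved directory

def path_finding(pipeline_path, root=ALLOWED_ROOT):
    """Return why a pipeline_path looks suspicious, or None if it looks normal."""
    if not isinstance(pipeline_path, str):
        return "pipeline_path is not a string"
    # Lexical resolution only: a log review cannot follow symlinks on the host.
    resolved = posixpath.normpath(posixpath.join(root, pipeline_path))
    if resolved != root and not resolved.startswith(root + "/"):
        return "resolves outside approved directory: " + resolved
    return None

def scan(lines):
    """Return (ts, src, endpoint, reason) for each suspicious POST record."""
    findings = []
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # not a JSON record, skip it
        if not isinstance(rec, dict) or rec.get("method") != "POST":
            continue
        endpoint = str(rec.get("path", "")).split("?", 1)[0].rstrip("/")
        body = rec.get("body")
        if endpoint not in WATCHED or not isinstance(body, dict) or "pipeline_path" not in body:
            continue
        reason = path_finding(body["pipeline_path"])
        if reason:
            findings.append((rec.get("ts"), rec.get("src"), endpoint, reason))
    return findings

# Constructed sample records (assumed log schema), not from a real deployment.
SAMPLE_LOG = [
    '{"ts":"t1","src":"10.0.0.5","method":"POST","path":"/api/runs","body":{"pipeline_path":"nightly/etl.py"}}',
    '{"ts":"t2","src":"203.0.113.9","method":"POST","path":"/api/runs/validate","body":{"pipeline_path":"/tmp/upload_1.py"}}',
    '{"ts":"t3","src":"203.0.113.9","method":"POST","path":"/api/runs?x=1","body":{"pipeline_path":"../../../home/svc/job.py"}}',
    '{"ts":"t4","src":"10.0.0.5","method":"GET","path":"/api/runs","body":null}',
    'not json',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

Set ALLOWED_ROOT to the directory your deployment actually loads pipelines from; any request flagged here referenced a file outside it and warrants review of the source address and the referenced file.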
Exploitation status
Public Exploit Available: false
Analyst recommendation
This vulnerability is critical due to the potential for arbitrary code execution. Administrators must prioritize patching these endpoints immediately to prevent potential system-wide compromise.