CVE-2026-59726
Ruvnet · Ruflo
Ruflo's default deployment exposes unauthenticated MCP endpoints, allowing remote attackers to execute terminal commands and steal API keys.
Executive summary
A critical authentication bypass in Ruflo allows unauthenticated attackers to gain remote code execution and steal sensitive credentials.
Vulnerability
The application fails to enforce authentication on the MCP bridge endpoints (/mcp and /mcp/:group). This allows an unauthenticated, remote attacker to invoke critical functions, execute OS commands, and exfiltrate sensitive provider API keys.
Business impact
With a CVSS score of 10.0, this vulnerability is critical. It allows an attacker to achieve full remote code execution, gain access to sensitive API keys, and poison the agent learning-store. This risk is severe, as it grants complete control over the container environment and the integrity of the data processed by the agent.
Remediation
Immediate Action: Update Ruflo to version 3.16.3 or later immediately to patch the authentication bypass.
Proactive Monitoring: Review logs for unauthorized access to the /mcp endpoints and check for anomalous terminal command execution within the container environment.
Compensating Controls: If an immediate update is not possible, place the Ruflo deployment behind a strict firewall or VPN that restricts access to the MCP endpoints to known-good IP addresses only.
Exploitation status
Public Exploit Available: No
Analyst recommendation
This vulnerability represents an existential risk to the integrity of the Ruflo deployment. All users should prioritize upgrading to version 3.16.3 immediately to close the unauthenticated access paths that permit remote code execution and credential theft.