PT-2026-35976 · Agentflow · Agentflow

Published 2026-04-29 · Updated 2026-04-29 · CVE-2026-7466

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

AgentFlow (affected versions not specified)

Description

An arbitrary code execution issue exists in which attackers can cause local Python pipeline files to be executed. It is triggered by supplying a user-controlled pipeline path parameter to the "POST /api/runs" and "POST /api/runs/validate" endpoints. Requests to the local API can thereby load and execute existing Python pipeline files on disk, leading to code execution within the context of the user running the application.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2026-7466

Affected Products

Agentflow