CVE-2026-2099 identifies a stored Cross-Site Scripting (XSS) vulnerability in Flowring's AgentFlow product, specifically affecting version 4.0.*. The vulnerability arises from improper neutralization of input during web page generation (CWE-79), allowing authenticated remote attackers to inject persistent JavaScript code into the application. When other users load the compromised pages, the malicious scripts execute in their browsers, potentially enabling attackers to steal session tokens, perform actions on behalf of users, or manipulate displayed content. The vulnerability requires the attacker to have authenticated access but does not require elevated privileges, making it accessible to any logged-in user. The CVSS 5.1 score reflects a medium severity, with network attack vector, low attack complexity, no privileges required, but user interaction needed (victim must load the page). The vulnerability does not affect confidentiality, integrity, or availability directly but impacts security through client-side script execution. No patches or known exploits are currently available, indicating the need for proactive mitigation. The vulnerability was published on February 10, 2026, and assigned by TW-CERT. Given the nature of stored XSS, the risk includes persistent compromise of user sessions and potential lateral movement within affected environments.

For European organizations, this vulnerability poses a moderate risk primarily to the confidentiality and integrity of user sessions and data accessed via AgentFlow. Exploitation could lead to session hijacking, unauthorized actions performed in the context of legitimate users, and potential exposure of sensitive information. Organizations in sectors such as finance, government, and critical infrastructure that rely on AgentFlow for workflow or automation tasks could face operational disruptions or data breaches. The requirement for authenticated access limits the attack surface but insider threats or compromised credentials could facilitate exploitation. Additionally, the persistent nature of stored XSS means that once injected, malicious scripts can affect multiple users over time, increasing the potential impact. Although availability is not directly impacted, reputational damage and compliance risks (e.g., GDPR violations due to data exposure) are significant concerns.

To mitigate CVE-2026-2099, organizations should implement strict input validation and sanitization on all user-supplied data before it is stored or rendered in AgentFlow. Employing context-aware output encoding (e.g., HTML entity encoding) when displaying user input can prevent script execution. Restricting user privileges to the minimum necessary reduces the risk of malicious input injection. Monitoring and logging user activities can help detect suspicious behavior indicative of exploitation attempts. Since no patches are currently available, consider deploying Web Application Firewalls (WAFs) with rules targeting XSS payloads specific to AgentFlow. Educate users about phishing and credential security to reduce the risk of compromised accounts. Finally, maintain an incident response plan to quickly address any detected exploitation.