CVE-2026-59726: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ruvnet ruflo
CVE-2026-59726 is a critical OS command injection vulnerability in ruvnet's ruflo agent meta-harness. Versions prior to 3.16.3 expose the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication in the default docker-compose deployment. This allows unauthenticated network attackers to execute commands, gain shell access to the bridge container, read sensitive provider API keys, and poison the AgentDB learning-store patterns. The issue is fixed in version 3.16.3.
AI Analysis
Technical Summary
Ruflo versions before 3.16.3 have an OS command injection vulnerability due to improper neutralization of special elements in the MCP bridge endpoints, which are exposed without authentication in the default docker-compose setup. An unauthenticated attacker can invoke terminal_execute commands, resulting in shell access to the bridge container, disclosure of provider API keys, and manipulation of AgentDB learning-store patterns. This vulnerability is tracked as CVE-2026-59726 with a CVSS 3.1 base score of 10.0 (critical). The vulnerability is fixed in ruflo version 3.16.3.
Potential Impact
An unauthenticated remote attacker can execute arbitrary OS commands on the bridge container, leading to full compromise of that container. This includes reading sensitive provider API keys and poisoning the AgentDB learning-store, which can affect the integrity and confidentiality of the system. The vulnerability has a critical severity with maximum CVSS impact on confidentiality, integrity, and availability.
Mitigation Recommendations
Upgrade ruflo to version 3.16.3 or later, where this vulnerability is fixed. Prior versions expose critical endpoints without authentication and should not be used in production environments. Patch status is confirmed fixed in 3.16.3.
CVE-2026-59726: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ruvnet ruflo
Description
CVE-2026-59726 is a critical OS command injection vulnerability in ruvnet's ruflo agent meta-harness. Versions prior to 3.16.3 expose the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication in the default docker-compose deployment. This allows unauthenticated network attackers to execute commands, gain shell access to the bridge container, read sensitive provider API keys, and poison the AgentDB learning-store patterns. The issue is fixed in version 3.16.3.
CVSS v3.1
Score 10.0critical
Affected software
Run on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
Ruflo versions before 3.16.3 have an OS command injection vulnerability due to improper neutralization of special elements in the MCP bridge endpoints, which are exposed without authentication in the default docker-compose setup. An unauthenticated attacker can invoke terminal_execute commands, resulting in shell access to the bridge container, disclosure of provider API keys, and manipulation of AgentDB learning-store patterns. This vulnerability is tracked as CVE-2026-59726 with a CVSS 3.1 base score of 10.0 (critical). The vulnerability is fixed in ruflo version 3.16.3.
Potential Impact
An unauthenticated remote attacker can execute arbitrary OS commands on the bridge container, leading to full compromise of that container. This includes reading sensitive provider API keys and poisoning the AgentDB learning-store, which can affect the integrity and confidentiality of the system. The vulnerability has a critical severity with maximum CVSS impact on confidentiality, integrity, and availability.
Mitigation Recommendations
Upgrade ruflo to version 3.16.3 or later, where this vulnerability is fixed. Prior versions expose critical endpoints without authentication and should not be used in production environments. Patch status is confirmed fixed in 3.16.3.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-07-06T15:34:16.917Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a4fe25b68715ace43d416b8
Added to database: 07/09/2026, 18:03:07 UTC
Last enriched: 07/09/2026, 18:17:33 UTC
Last updated: 07/09/2026, 18:50:28 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.