Skip to main content

Taskflow Ai

1 CVEs product

Monthly

CVE-2026-5831 npm MEDIUM PATCH This Month

Remote OS command injection in Agions taskflow-ai up to version 2.1.8 allows authenticated remote attackers to execute arbitrary operating system commands via manipulation of the terminal_execute component in src/mcp/server/handlers.ts, with CVSS 6.3 reflecting moderate severity. Vendor-released patch is available in version 2.1.9 (commit c1550b445b9f24f38c4414e9a545f5f79f23a0fe), and the vendor responded promptly to early notification.

Command Injection Taskflow Ai
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.7%
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Remote OS command injection in Agions taskflow-ai up to version 2.1.8 allows authenticated remote attackers to execute arbitrary operating system commands via manipulation of the terminal_execute component in src/mcp/server/handlers.ts, with CVSS 6.3 reflecting moderate severity. Vendor-released patch is available in version 2.1.9 (commit c1550b445b9f24f38c4414e9a545f5f79f23a0fe), and the vendor responded promptly to early notification.

Command Injection Taskflow Ai
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy