๐Ÿ” CVE Alert

CVE-2026-59726

CRITICAL 10.0

Ruflo: Unauthenticated RCE in MCP bridge default docker-compose deployment

CVSS Score
10.0
EPSS Score
0.0%
EPSS Percentile
0th

Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication, allowing an unauthenticated network attacker to invoke tools/call to terminal_execute, obtain a shell in the bridge container, read provider API keys, and poison AgentDB learning-store patterns. This issue is fixed in version 3.16.3.

CWE CWE-78 CWE-306 CWE-942
Vendor ruvnet
Product ruflo
Published Jul 9, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for ruvnet ruflo

Be the first to know when new critical vulnerabilities affecting ruvnet ruflo are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

ruvnet / ruflo
< 3.16.3

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/ruvnet/ruflo/security/advisories/GHSA-c4hm-4h84-2cf3 github.com: https://github.com/ruvnet/ruflo/pull/2521 github.com: https://github.com/ruvnet/ruflo/commit/d00a0a40cd8bdbca877ac7f675f416bdc69accd1 github.com: https://github.com/ruvnet/ruflo/releases/tag/v3.16.3