js · agentic-flow · Critical

agentic-flow Command Injection in MCP Server Tools

20 Jun 2026 · Severity: act now

What changed

agentic-flow versions <= 2.0.13 had a command injection vulnerability in MCP server tools, where attacker-influenced tool parameters were interpolated into shell command strings passed to execSync(). Fixed in 2.0.14 by switching to execFileSync with shell: false, so the parameters are passed as argv entries rather than parsed by a shell.

Who it affects

All users of agentic-flow <= 2.0.13, and users of the downstream packages ruflo, claude-flow and @claude-flow/cli before their respective patched version (3.12.4).

What to do today

Upgrade agentic-flow to >= 2.0.14. If you use the downstream packages instead, upgrade ruflo to >= 3.12.4, claude-flow to >= 3.12.4, or @claude-flow/cli to >= 3.12.4.
