{"data":{"id":"138616a5-38d8-4abd-a749-ee2081c03109","title":"CVE-2026-59726: Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exp","summary":"Ruflo is an agent meta-harness (a tool that manages AI agents like Claude Code) that had a critical security flaw in versions before 3.16.3. The default Docker Compose setup (a way to run multiple software containers together) exposed two endpoints without authentication (security checks), allowing anyone on the network to run terminal commands, access API keys (credentials for external services), and corrupt stored learning patterns.","solution":"Update to version 3.16.3, which fixes this issue.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-59726","publishedAt":"2026-07-09T18:16:57.337Z","cveId":"CVE-2026-59726","cweIds":["CWE-78","CWE-306","CWE-942"],"cvssScore":"10","cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Anthropic"],"affectedVendorsRaw":["Ruflo","Claude","Codex","Anthropic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-09T18:16:57.337Z","capecIds":["CAPEC-115","CAPEC-88"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}