CVE-2026-59726: Ruflo is an agent meta-harness for Claude Code and Codex. Prior to 3.16.3, ruflo's default docker-compose deployment exp
Summary
Ruflo is an agent meta-harness (a tool that manages AI agents like Claude Code) that had a critical security flaw in versions before 3.16.3. The default Docker Compose setup (a way to run multiple software containers together) exposed two endpoints without authentication (security checks), allowing anyone on the network to run terminal commands, access API keys (credentials for external services), and corrupt stored learning patterns.
Solution / Mitigation
Update to version 3.16.3, which fixes this issue.
Vulnerability Details
10(critical)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
network
low
none
none
July 9, 2026
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-59726
First tracked: July 9, 2026 at 08:10 PM
Classified by LLM (prompt v3) · confidence: 92%