ruflo is vulnerable to Remote Code Execution
100
Critical Risk
The MCP bridge in ruflo exposes the POST /mcp and POST /mcp/:group endpoints without authentication, and the shipped docker-compose defaults bind the bridge and MongoDB to all network interfaces. An unauthenticated network attacker can call tools/call to reach terminal_execute and run arbitrary OS commands inside the bridge container, gaining a shell, reading provider API keys from the environment, and poisoning the AgentDB learning store. The terminal_execute blocklist is enforced only in the autopilot flow, so the primary MCP request paths bypass it. The fix binds the bridge to loopback by default, adds bearer-token authentication with constant-time comparison, and gates terminal_execute behind an explicit opt-in.
You are affected if you are using a version that falls within the vulnerable range and you deploy the MCP bridge (for example via the default docker-compose configuration).
ruflo is vulnerable to Remote Code Execution in versions 0.0.1 - 3.16.2.
Upgrade the ruflo library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant