CVE-2026-2099 — AgentFlow developed by Flowring has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript codes that are executed in users' browsers — CVE Database · The Intelligence Room