CVE-2026-59726 is an improper authentication vulnerability in Ruflo, an agent meta-harness for Claude Code and Codex. In versions prior to 3.16.3, the default docker-compose deployment exposed the MCP bridge POST /mcp and POST /mcp/:group endpoints without authentication. An unauthenticated network attacker could reach these endpoints and invoke tools/call to terminal_execute, resulting in command execution within the bridge container. The exposed functionality also enabled access to provider API keys present in the container environment and allowed manipulation of AgentDB learning-store patterns. The issue affects default deployments where the MCP bridge is network-accessible and was corrected in version 3.16.3.
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
What an attacker gets, and what they’ve been doing with it.
If you can’t patch tonight, do this now.
Patch, then assume compromise.
No public exploits tracked yet. Mallory keeps watching.
No public exploit code observed for this vulnerability.
4 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.