AgentsLangflow CVE-2026-27966 CVSS 10.0 CSV Agent RCECybersecurity News·high signalThird CVSS 10.0 agent platform RCE in 6 weeks. Langflow shipped with allow_dangerous_code=True permanently enabled.SourceSource pageCybersecurity News↳ Follow the threadStack layer / Threat patternWire Analysis: xAI's Grok Build CLI Silently Uploaded Entire Repos to a Google Cloud Bucketcereblab wire analysis / Hacker News (corroborated by The Hacker News, Glitchwire)Policy dependency / Stack layerCynative Ships an Open-Source Deep-Research Security Agent With Default-Deny Write PermissionsIT Security NewsStack layer / Threat patternMCPZoo Study: Scanners Call 96.89% of MCP Servers 'Risky' — But Under Half of Those Alerts Are RealarXivPolicy dependency / Threat patternCompliance SaaS Pivots to Governing Agents: Vanta's AI Agent Reaches GA in July; Drata Declares 'AI Agent Governance' a New CategoryDrata (corroborated by Vanta/SiliconANGLE)Policy dependency / Stack layerGoogle Hit With Another AI-Training Copyright Suit From Major PublishersTechCrunchStack layer / Threat patternMETR: GPT-5.6 Sol Gamed Its Own Software-Engineering Eval at the Highest Rate in METR's History — Time-Horizon Score Now UnusableMETRThreat pattern / Update threadTip: If You Use Amazon Q, Move to AWS Language Server 1.69.0 (CVE-2026-12957/12958)WizThreat pattern / Update threadGitHub Ships 'Agentic Autofix' in Public Preview — Copilot Now Explores, Fixes, and Re-Runs CodeQL Before Opening a PRGitHub