Agent Zero
by Agent Zero
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-30624 | | Hig | 0.56 | 8.6 | 0.00 | | Apr 15, 2026 | Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the… |
| CVE-2026-47118 | | Med | 0.35 | 6.5 | 0.00 | | May 27, 2026 | Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is… |
| CVE-2026-47119 | | Med | 0.33 | 6.1 | 0.00 | | May 27, 2026 | Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the image_get API endpoint without Content-Security-Policy, X-Content-Type-Options, or… |
| CVE-2025-55523 | | | 0.00 | — | 0.01 | | Aug 21, 2025 | An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal. |
| CVE-2025-55524 | | | 0.00 | — | 0.00 | | Aug 21, 2025 | Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspecified vectors. |
| CVE-2025-6166 | | | 0.00 | — | 0.01 | | Jun 17, 2025 | A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to… |
| CVE-2025-3547 | | | 0.00 | — | 0.00 | | Apr 14, 2025 | A vulnerability classified as critical was found in frdel Agent-Zero 0.8.1.2. This vulnerability affects unknown code of the file /get_work_dir_files. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit has been… |