VYPR

Agent Zero

by Agent Zero


CVEs (7)

  • CVE-2026-30624 | High | Apr 15, 2026
    risk 0.56 | cvss 8.6 | epss 0.00

    Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the…

  • CVE-2026-47118 | Medium | May 27, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is…

  • CVE-2026-47119 | Medium | May 27, 2026
    risk 0.33 | cvss 6.1 | epss 0.00

    Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the image_get API endpoint without Content-Security-Policy, X-Content-Type-Options, or…

  • CVE-2025-55523 | Aug 21, 2025
    risk 0.00 | cvss - | epss 0.01

    An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal.

  • CVE-2025-55524 | Aug 21, 2025
    risk 0.00 | cvss - | epss 0.00

    Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspecified vectors.

  • CVE-2025-6166 | Jun 17, 2025
    risk 0.00 | cvss - | epss 0.01

    A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to…

  • CVE-2025-3547 | Apr 14, 2025
    risk 0.00 | cvss - | epss 0.00

    A vulnerability classified as critical was found in frdel Agent-Zero 0.8.1.2. This vulnerability affects unknown code of the file /get_work_dir_files. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit has been…