Home

Description

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled. Attackers can request any file with an image extension readable by the process, including files outside the agent workspace, user home directories, and mounted volumes, and can also leverage symlink-based escapes due to the lack of path canonicalization in the path resolution logic.

PUBLISHED Reserved 2026-05-18 | Published 2026-05-27 | Updated 2026-05-28 | Assigner VulnCheck




HIGH: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Problem types

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Product status

Default status
affected

Any version before 1.15
affected

Credits

YU SUN finder

References

github.com/agent0ai/agent-zero/issues/1609 issue-tracking

github.com/...ommit/1f2d5122265282d6b98bc36ee8f9d0f8ab76db9e patch

www.vulncheck.com/...h-traversal-file-read-via-image-get-api third-party-advisory

cve.org (CVE-2026-47118)

nvd.nist.gov (CVE-2026-47118)

Download JSON