CVE-2026-47119

Published: May 27, 2026

Modified: May 27, 2026

PUBLISHED

CVSS v3.1

6.1

MEDIUM

Description

Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the image_get API endpoint without Content-Security-Policy, X-Content-Type-Options, or Content-Disposition headers. Attackers can place a crafted SVG file containing script tags in any path readable by the agent-zero process and lure an authenticated user to the image_get endpoint, causing the browser to execute the malicious script, steal the csrf_token cookie, and perform unauthorized API calls on behalf of the victim.

Vendor	Product	Versions
3clyp50	agent-zero	affected `0 - < 1.15`

Weaknesses (CWE)

CWE-79

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

References

https://github.com/agent0ai/agent-zero/issues/1609

issue-tracking

https://github.com/3clyp50/agent-zero/commit/1f2d5122265282d6b98bc36ee8f9d0f8ab76db9e

patch

https://www.vulncheck.com/advisories/agent-zero-stored-xss-via-image-get-api-endpoint

third-party-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2026-47119

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References