๐Ÿ” CVE Alert

CVE-2026-15330

HIGH 7.3

zhayujie CowAgent Vision Tool vision.py _download_to_data_url server-side request forgery

CVSS Score
7.3
EPSS Score
0.4%
EPSS Percentile
27th

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function _build_image_content/_download_to_data_url of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.1.2 is recommended to address this issue. This patch is called e85290cddcbb5ffc9c235927f4c92e5b4c3ec264. Upgrading the affected component is advised.

CWE CWE-918
Vendor zhayujie
Product cowagent
Published Jul 10, 2026
Last Updated Jul 10, 2026
Stay Ahead of the Next One

Get instant alerts for zhayujie cowagent

Be the first to know when new high vulnerabilities affecting zhayujie cowagent are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability

Affected Versions

zhayujie / CowAgent
2.1.0 2.1.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
vuldb.com: https://vuldb.com/vuln/377273 vuldb.com: https://vuldb.com/vuln/377273/cti vuldb.com: https://vuldb.com/cve/CVE-2026-15330 vuldb.com: https://vuldb.com/submit/853103 github.com: https://github.com/zhayujie/CowAgent/issues/2872 github.com: https://github.com/zhayujie/CowAgent/pull/2886 github.com: https://github.com/zhayujie/CowAgent/commit/e85290cddcbb5ffc9c235927f4c92e5b4c3ec264 github.com: https://github.com/zhayujie/CowAgent/releases/tag/2.1.2 github.com: https://github.com/zhayujie/CowAgent/

Credits

๐Ÿ” Eric-x (VulDB User)