๐Ÿ” CVE Alert

CVE-2026-47118

MEDIUM 6.5

Agent Zero < 1.15 Path Traversal File Read via image_get API

CVSS Score
6.5
EPSS Score
0.1%
EPSS Percentile
18th

Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, which relies solely on an extension allowlist while the path containment check is explicitly disabled. Attackers can request any file with an image extension readable by the process, including files outside the agent workspace, user home directories, and mounted volumes, and can also leverage symlink-based escapes due to the lack of path canonicalization in the path resolution logic.
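The two patterns the description contrasts, shown side by side as an added illustration (not agent-zero's own code, and the function and fixture names are hypothetical): an extension-allowlist-only resolver, and a hardened one that canonicalises the path with `os.path.realpath` and then enforces containment, so both `../` segments and symlinks that point outside the workspace are rejected.

```python
import os
import tempfile
from typing import Dict, Optional, Tuple

# Hypothetical allowlist for the illustration; not taken from agent-zero.
IMAGE_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".webp"}


def resolve_weak(workspace: str, requested: str) -> Optional[str]:
    """Weak pattern: allowlist only, no containment check, no canonicalisation.
    '../' segments and symlinks walk straight out of the workspace."""
    if os.path.splitext(requested)[1].lower() not in IMAGE_EXTENSIONS:
        return None
    return os.path.join(workspace, requested)


def resolve_hardened(workspace: str, requested: str) -> Optional[str]:
    """Hardened pattern: allowlist, then realpath (resolves '..' and symlinks),
    then a containment check against the canonical workspace root."""
    if os.path.splitext(requested)[1].lower() not in IMAGE_EXTENSIONS:
        return None
    root = os.path.realpath(workspace)
    candidate = os.path.realpath(os.path.join(root, requested))
    # commonpath, not startswith: '/work-secret' must not pass a '/work' prefix test
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def build_fixture() -> Tuple[str, str]:
    """Constructed sample tree: a workspace holding a real image and a symlink
    that escapes it, plus a 'secret.png' outside the workspace."""
    base = tempfile.mkdtemp()
    workspace = os.path.join(base, "workspace")
    os.makedirs(workspace)
    with open(os.path.join(workspace, "logo.png"), "wb") as f:
        f.write(b"\x89PNG")
    outside = os.path.join(base, "secret.png")
    with open(outside, "w") as f:
        f.write("not an image, but carries an image extension")
    os.symlink(outside, os.path.join(workspace, "link.png"))
    return workspace, outside


def demo() -> Dict[str, Tuple[Optional[str], Optional[str]]]:
    """Run both resolvers on three requests; returns {request: (weak, hardened)}."""
    workspace, _ = build_fixture()
    requests = ["logo.png", "../secret.png", "link.png"]
    return {r: (resolve_weak(workspace, r), resolve_hardened(workspace, r)) for r in requests}
```

Only the legitimate `logo.png` request survives the hardened resolver; the traversal and the symlink are both accepted by the weak one because its only gate is the file extension.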

CWE CWE-22
Vendor 3clyp50
Product agent-zero
Published May 27, 2026
Last Updated May 28, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Affected Versions

3clyp50 / agent-zero
0 < 1.15

References

NVD, CVE.org, EPSS Data
github.com: https://github.com/agent0ai/agent-zero/issues/1609
github.com: https://github.com/3clyp50/agent-zero/commit/1f2d5122265282d6b98bc36ee8f9d0f8ab76db9e
vulncheck.com: https://www.vulncheck.com/advisories/agent-zero-path-traversal-file-read-via-image-get-api

Credits

YU SUN