CVE-2026-47118
Path Traversal in Agent Zero
Publication date: 2026-05-27
Last updated on: 2026-05-27
Assigner: VulnCheck
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
Agent Zero before version 1.15 has a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending specially crafted paths to the image file serving endpoint.
This endpoint relies only on an extension allowlist and has its path containment check disabled, meaning it does not properly restrict file access to intended directories.
Attackers can request any file with an image extension that the process can read, including files outside the agent workspace, user home directories, and mounted volumes.
Additionally, the lack of path canonicalization allows attackers to use symbolic link (symlink) based escapes to access unauthorized files.
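To make the difference between an extension-only allowlist and a real containment check concrete, here is an added Python example (not Agent Zero's code; the directory layout, file names and the allowlist are constructed for the demo). It canonicalizes the requested path with realpath before testing containment, so both "../" traversal and an image-named symlink pointing outside the workspace are rejected, which is exactly what the disabled check and the missing canonicalization described above fail to do.

```python
import os
import tempfile

# Constructed allowlist for the demo; the real endpoint's list may differ.
IMAGE_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".webp"}

def extension_only_check(requested):
    """Weak check of the kind the advisory describes: only the extension is
    validated, so '../' segments and symlinks are never examined."""
    return os.path.splitext(requested)[1].lower() in IMAGE_EXTENSIONS

def resolve_image_path(base_dir, requested):
    """Hardened resolution: canonicalize both sides (following symlinks) and
    require the result to stay under base_dir. Returns the real path or None."""
    if os.path.splitext(requested)[1].lower() not in IMAGE_EXTENSIONS:
        return None
    if os.path.isabs(requested):          # never accept absolute paths
        return None
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, requested))
    # commonpath, not startswith: '/srv/images-old' must not pass for '/srv/images'
    if os.path.commonpath([root, candidate]) != root:
        return None
    if not os.path.isfile(candidate):
        return None
    return candidate

def demo():
    """Constructed workspace: one legitimate image inside, an image and a
    config file outside, and an image-named symlink pointing at the config."""
    tmp = tempfile.mkdtemp()
    workspace = os.path.join(tmp, "workspace")
    os.makedirs(workspace)
    with open(os.path.join(workspace, "logo.png"), "wb") as f:
        f.write(b"\x89PNG constructed sample")
    with open(os.path.join(tmp, "outside.png"), "wb") as f:
        f.write(b"\x89PNG outside the workspace")
    config = os.path.join(tmp, "config.txt")
    with open(config, "w") as f:
        f.write("constructed secret=1\n")
    os.symlink(config, os.path.join(workspace, "link.png"))  # symlink escape
    requests = ["logo.png", "../outside.png", "link.png", "notes.txt"]
    weak = {r: extension_only_check(r) for r in requests}
    hardened = {r: resolve_image_path(workspace, r) is not None for r in requests}
    return weak, hardened
```

Only "logo.png" survives the hardened check; the weak check also passes the traversal request and the symlink because their names end in ".png".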
How can this vulnerability impact me?
This vulnerability can lead to unauthorized disclosure of sensitive files on the affected system.
Since attackers can read arbitrary files with image extensions, they might access confidential information stored outside the intended directories.
This exposure could include user data, configuration files, or other sensitive information residing in user home directories or mounted volumes.
Because the vulnerability is exploitable without authentication, it increases the risk of data leakage from the system.