CVE-2026-47119
Status: Deferred - Pending Action
Stored XSS in Agent Zero via SVG File Upload

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: VulnCheck

Description
Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the image_get API endpoint without Content-Security-Policy, X-Content-Type-Options, or Content-Disposition headers. Attackers can place a crafted SVG file containing script tags in any path readable by the agent-zero process and lure an authenticated user to the image_get endpoint, causing the browser to execute the malicious script, steal the csrf_token cookie, and perform unauthorized API calls on behalf of the victim.
Meta Information
Published: 2026-05-27
Last Modified: 2026-05-27
Generated: 2026-06-16
AI Q&A: 2026-05-27
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Compliance Impact

The vulnerability allows attackers to execute arbitrary JavaScript in the application origin by exploiting a stored cross-site scripting (XSS) flaw via SVG files served through the image_get API endpoint. This can lead to theft of sensitive data such as csrf_token cookies and unauthorized API calls on behalf of authenticated users.

Such unauthorized access and data theft can compromise the confidentiality and integrity of user data, which may violate requirements under common standards and regulations like GDPR and HIPAA that mandate protection of personal and sensitive information.

Therefore, this vulnerability poses a risk to compliance with these regulations by potentially exposing protected data through cross-site scripting attacks.

Executive Summary

CVE-2026-47119 is a stored cross-site scripting (XSS) vulnerability in Agent Zero versions before 1.15. Attackers can place specially crafted SVG files containing malicious JavaScript where they are served through the image_get API endpoint. Because the application lacks important security headers like Content-Security-Policy, X-Content-Type-Options, and Content-Disposition, the malicious script executes in the browser of an authenticated user who accesses the image_get endpoint.

This execution allows the attacker to steal sensitive information such as the csrf_token cookie and perform unauthorized API calls on behalf of the victim.

Impact Analysis

This vulnerability can lead to unauthorized actions being performed in your application without your consent. Specifically, attackers can steal your csrf_token cookie, which is used to protect against cross-site request forgery, and then use it to make unauthorized API calls as if they were you.

This can result in data theft, manipulation of your account or data, and potentially compromise the integrity and confidentiality of your information.

Detection Guidance

Detecting this vulnerability means determining whether your Agent Zero installation is a version prior to 1.15 and whether it serves SVG files through the image_get API endpoint without the proper security headers.

You can check the version of Agent Zero installed on your system to confirm if it is vulnerable.

To detect the vulnerability on the network or system, you can attempt to access the image_get API endpoint and inspect the HTTP response headers for the absence of Content-Security-Policy, X-Content-Type-Options, and Content-Disposition headers.

Example commands to check the headers using curl:

  • curl -I https://your-agent-zero-domain/image_get?file=example.svg

Look for missing or absent security headers in the response.

Additionally, you can search your file system for SVG files placed in paths readable by the agent-zero process that may contain script tags.

  • grep -r --include="*.svg" "<script" /path/to/agent-zero/

Mitigation Strategies

The immediate mitigation step is to upgrade Agent Zero to version 1.15 or later, where this vulnerability is fixed.

If upgrading is not immediately possible, implement security headers such as Content-Security-Policy, X-Content-Type-Options, and Content-Disposition on the image_get API endpoint to prevent execution of malicious scripts.

Also, review and remove any untrusted or suspicious SVG files containing script tags from paths accessible by the agent-zero process.

Limit access to the image_get API endpoint to only trusted and authenticated users.
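The header check from the Detection Guidance and the header-based mitigation above, as an added example that is not Agent Zero's own code: it audits a captured `curl -I` response for the three headers the advisory names and builds the hardened header set an SVG-serving endpoint should send. The sample response, cookie value and the header-building function are constructed for illustration.

```python
"""Added example (not Agent Zero's own code): audit image_get response headers
the advisory names, and build the hardened header set for serving SVG content."""
import re

# Headers whose absence the advisory calls out for the image_get endpoint.
REQUIRED_HEADERS = (
    "Content-Security-Policy",
    "X-Content-Type-Options",
    "Content-Disposition",
)

# Constructed sample of a `curl -I` response from a vulnerable instance (not a real capture).
SAMPLE_RESPONSE = """HTTP/1.1 200 OK
Server: Werkzeug/3.0 Python/3.11
Content-Type: image/svg+xml
Content-Length: 512
Set-Cookie: csrf_token=abc123; Path=/
"""


def parse_headers(raw):
    """Parse a raw HTTP head (status line plus header lines) into a lower-cased dict."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_image_response(raw):
    """Return (missing advisory headers, True if SVG is served inline rather than as a download)."""
    h = parse_headers(raw)
    missing = [name for name in REQUIRED_HEADERS if name.lower() not in h]
    inline_svg = (h.get("content-type", "").startswith("image/svg+xml")
                  and not h.get("content-disposition", "").lower().startswith("attachment"))
    return missing, inline_svg


def hardened_svg_headers(filename):
    """Header set for serving a stored SVG as an opaque download (hypothetical helper):
    nosniff stops MIME guessing, attachment stops inline rendering, and the CSP with
    default-src 'none' plus sandbox blocks script even if the file is opened as a document."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Type": "image/svg+xml",
        "Content-Disposition": f'attachment; filename="{safe_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
```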
