CVE-2026-47119
Received - Intake
Stored XSS in Agent Zero via SVG File Upload

Publication date: 2026-05-27

Last updated on: 2026-05-27

Assigner: VulnCheck

Description
Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the image_get API endpoint without Content-Security-Policy, X-Content-Type-Options, or Content-Disposition headers. Attackers can place a crafted SVG file containing script tags in any path readable by the agent-zero process and lure an authenticated user to the image_get endpoint, causing the browser to execute the malicious script, steal the csrf_token cookie, and perform unauthorized API calls on behalf of the victim.
Meta Information
Published: 2026-05-27
Last Modified: 2026-05-27
Generated: 2026-05-27
AI Q&A: 2026-05-27
EPSS Evaluated: N/A
Affected Vendors & Products
Currently, no data is known.
CWE
CWE-79: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-47119 is a stored cross-site scripting (XSS) vulnerability in Agent Zero versions before 1.15. The image_get API endpoint serves files from disk to the browser, and it does so without a Content-Security-Policy, X-Content-Type-Options, or Content-Disposition header. An SVG file is an XML document that browsers render directly, and it can carry script elements. An attacker who can write a crafted SVG into any path the agent-zero process can read (the advisory does not say the file has to be uploaded through the application itself) and then lure an authenticated user to the image_get URL for that file gets the script executed in the application's origin.

This execution allows the attacker to steal sensitive information such as the csrf_token cookie and perform unauthorized API calls on behalf of the victim.


How can this vulnerability impact me?

This vulnerability can lead to actions being performed in your Agent Zero instance without your consent. Because the injected script runs in the application's origin, it can read the csrf_token cookie, which the application uses to protect against cross-site request forgery, and then issue API calls that the server accepts as if they came from you.

This can result in data theft, manipulation of your account or data, and potentially compromise the integrity and confidentiality of your information.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection involves two checks: confirm that the installed Agent Zero version is earlier than 1.15, and confirm that the image_get API endpoint returns an SVG file inline (Content-Type: image/svg+xml) without the Content-Security-Policy, X-Content-Type-Options, and Content-Disposition headers.

You can check the version of Agent Zero installed on your system to confirm if it is vulnerable.

To test the endpoint directly, request a known SVG file through image_get and inspect the response headers. Use a normal GET rather than a HEAD request, because a HEAD may be handled by a different code path and return different headers, and send your session cookie (curl -b) if the endpoint requires authentication.

Example command to capture the response headers using curl:

  • curl -sS -D - -o /dev/null 'https://your-agent-zero-domain/image_get?file=example.svg'

The query parameter name and file path here are placeholders; check the deployed route for the actual parameter. A response with Content-Type: image/svg+xml and none of the three headers above is vulnerable. Content-Disposition: attachment, or a Content-Security-Policy that disables script (sandbox, or default-src 'none'), would block the attack.

Additionally, search the file system for SVG files in paths readable by the agent-zero process. Match case-insensitively and include event-handler attributes and javascript: URLs, which a literal search for "<script" misses:

  • grep -rilE --include="*.svg" '<script|[[:space:]]on[a-z]+=|javascript:' /path/to/agent-zero/
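The two checks above, as an added example in Python rather than code from Agent Zero or from this advisory: one function decides from a captured header set whether a browser navigating to the URL would render the SVG and run its script, another lists which of the three advisory headers are absent or too weak, and a third scans SVG text for script elements, event-handler attributes and javascript: URLs. The query parameter name file, the sample headers and the sample SVG documents are constructed for the demonstration and are not taken from the advisory.

```python
"""Added example, not Agent Zero code: check an image_get response and scan SVG files.

Assumptions (not from the advisory): the endpoint takes the file name in a
query parameter called ``file``; the sample headers and SVG documents below
are constructed for the demonstration.
"""
import re
import sys
import urllib.request
from typing import Dict, List, Optional

# Constructed samples: what an unhardened response and a hardened one could look like.
VULNERABLE_HEADERS = {"Content-Type": "image/svg+xml", "Content-Length": "142"}
HARDENED_HEADERS = {
    "Content-Type": "image/svg+xml",
    "Content-Disposition": 'attachment; filename="example.svg"',
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "sandbox; default-src 'none'",
}
SAMPLE_BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>'
SAMPLE_ACTIVE_SVG = (
    '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)">'
    "<script>alert(document.cookie)</script></svg>"
)


def csp_blocks_script(csp: str) -> bool:
    """Conservative parse: only 'sandbox' (without allow-scripts) or an explicit
    'none' source list for script-src / default-src counts as blocking script."""
    directives: Dict[str, List[str]] = {}
    for part in csp.lower().split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0]] = tokens[1:]
    if "sandbox" in directives and "allow-scripts" not in directives["sandbox"]:
        return True
    sources = directives.get("script-src", directives.get("default-src"))
    return sources == ["'none'"]


def missing_protections(headers: Dict[str, str]) -> List[str]:
    """Names of the three headers the advisory lists that are absent or too weak."""
    h = {k.lower(): v for k, v in headers.items()}
    missing = []
    if not h.get("content-disposition", "").lower().startswith("attachment"):
        missing.append("Content-Disposition")
    if h.get("x-content-type-options", "").lower() != "nosniff":
        missing.append("X-Content-Type-Options")
    if not csp_blocks_script(h.get("content-security-policy", "")):
        missing.append("Content-Security-Policy")
    return missing


def inline_svg_executable(headers: Dict[str, str]) -> bool:
    """True when a browser navigating to the URL would render the body as an SVG
    document and run any script in it: served as image/svg+xml, rendered inline
    (no attachment disposition), and no CSP that disables script."""
    h = {k.lower(): v for k, v in headers.items()}
    is_svg = "image/svg+xml" in h.get("content-type", "").lower()
    inline = not h.get("content-disposition", "").lower().startswith("attachment")
    return is_svg and inline and not csp_blocks_script(h.get("content-security-policy", ""))


# Active content that a plain search for "<script" misses: event handlers,
# javascript: URLs and foreignObject (which can embed HTML).
ACTIVE_CONTENT = re.compile(
    r"<script\b|\son[a-z]+\s*=|javascript:|<foreignObject\b", re.IGNORECASE
)


def svg_has_active_content(svg_text: str) -> bool:
    return ACTIVE_CONTENT.search(svg_text) is not None


def scan_svg_files(paths: List[str]) -> List[str]:
    """Return the paths whose contents match ACTIVE_CONTENT (triage the hits by hand)."""
    hits = []
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            if svg_has_active_content(fh.read()):
                hits.append(path)
    return hits


def fetch_headers(url: str, cookie: Optional[str] = None) -> Dict[str, str]:
    """Issue a GET (not HEAD) so the headers match what a browser navigation receives."""
    req = urllib.request.Request(url, method="GET")
    if cookie:
        req.add_header("Cookie", cookie)  # session cookie if image_get requires login
    with urllib.request.urlopen(req, timeout=10) as resp:
        return dict(resp.headers.items())


if __name__ == "__main__":
    # Usage: python check_image_get.py 'https://host/image_get?file=example.svg' [cookie]
    hdrs = fetch_headers(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else None)
    print("exploitable inline SVG:", inline_svg_executable(hdrs))
    print("missing protections:", missing_protections(hdrs))
```

The CSP parser is deliberately strict: a policy that merely omits 'unsafe-inline' is not counted as blocking, because an SVG can still reference external script, so only sandbox or an explicit 'none' source list is accepted. The file scanner is a triage aid, not a verdict; benign SVGs with onload animations will match and need a manual look.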

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade Agent Zero to version 1.15 or later, where this vulnerability is fixed.

If upgrading is not immediately possible, add the headers to responses from the image_get API endpoint: Content-Disposition: attachment so the browser downloads the file instead of rendering it, X-Content-Type-Options: nosniff, and a Content-Security-Policy that disables script, such as default-src 'none'; sandbox. Serving SVG as application/octet-stream instead of image/svg+xml has the same effect. Note that nosniff on its own does not help when the file is already served with an SVG content type.

Also, review and remove any untrusted or suspicious SVG files containing script tags from paths accessible by the agent-zero process.

Limit network exposure of the Agent Zero web interface (for example, bind it to localhost or reach it only over a VPN) so that fewer users can be lured to an image_get URL. Restricting image_get to authenticated users alone does not stop the attack, because the victim is an authenticated user by design.
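The header-based mitigation above, as an added example: a minimal file-serving endpoint written for this page in plain WSGI, not Agent Zero's image_get code. It renders raster images inline but hands SVG (and anything else a browser could parse as a document) over as an opaque download with script disabled by CSP, so a crafted file on disk cannot execute in the application's origin. The path query parameter, the fixed root directory and the confinement check are design choices of this example, not a description of how Agent Zero's route works.

```python
"""Added example, not Agent Zero code: a minimal WSGI file endpoint that serves
SVG (and anything else a browser could treat as a document) as a download with
script disabled, while still rendering raster images inline.

Assumptions: files live under a fixed root directory and are named by a
``path`` query parameter; both are choices of this example, not a description
of Agent Zero's image_get route.
"""
import mimetypes
import os
import tempfile
import urllib.parse
from typing import Dict, List, Optional, Tuple
from wsgiref.simple_server import make_server
from wsgiref.util import setup_testing_defaults

# Raster formats only: browsers render these without parsing any script.
SAFE_INLINE_TYPES = {"image/png", "image/jpeg", "image/gif", "image/webp"}


def build_headers(filename: str) -> List[Tuple[str, str]]:
    """Headers that make the response inert regardless of what the file contains."""
    ctype = mimetypes.guess_type(filename)[0] or "application/octet-stream"
    headers = [
        ("X-Content-Type-Options", "nosniff"),  # no sniffing into HTML or SVG
        ("Content-Security-Policy", "default-src 'none'; sandbox"),  # script off even if rendered
    ]
    if ctype in SAFE_INLINE_TYPES:
        headers += [("Content-Type", ctype), ("Content-Disposition", "inline")]
    else:
        # SVG, HTML, XML and the rest: hand it to the browser as an opaque download.
        headers += [
            ("Content-Type", "application/octet-stream"),
            ("Content-Disposition", f'attachment; filename="{os.path.basename(filename)}"'),
        ]
    return headers


def resolve_path(root: str, requested: str) -> Optional[str]:
    """Resolve a requested name inside root; None if it would escape root."""
    root = os.path.realpath(root)
    full = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, full]) != root:
        return None
    return full


def make_app(root: str):
    def app(environ, start_response):
        query = urllib.parse.parse_qs(environ.get("QUERY_STRING", ""))
        requested = query.get("path", [""])[0]
        full = resolve_path(root, requested)
        if full is None or not os.path.isfile(full):
            start_response("404 Not Found", [("Content-Type", "text/plain")])
            return [b"not found"]
        with open(full, "rb") as fh:
            body = fh.read()
        start_response("200 OK", build_headers(full) + [("Content-Length", str(len(body)))])
        return [body]
    return app


def request(app, query: str) -> Tuple[str, Dict[str, str], bytes]:
    """Drive the app in-process (no socket) and return status, headers, body."""
    environ = {"QUERY_STRING": query}
    setup_testing_defaults(environ)
    captured = {}

    def start_response(status, headers):
        captured["status"], captured["headers"] = status, dict(headers)

    body = b"".join(app(environ, start_response))
    return captured["status"], captured["headers"], body


def demo() -> Dict[str, Dict[str, str]]:
    """Serve a constructed SVG carrying a script tag and a fake PNG from a temp dir."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "evil.svg"), "w") as fh:
            fh.write('<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>')
        with open(os.path.join(root, "logo.png"), "wb") as fh:
            fh.write(b"\x89PNG\r\n\x1a\n")  # constructed header bytes, not a real image
        app = make_app(root)
        return {
            "svg": request(app, "path=evil.svg")[1],
            "png": request(app, "path=logo.png")[1],
            "escape": {"status": request(app, "path=../../etc/passwd")[0]},
        }


if __name__ == "__main__":
    print(demo())
    # Assumed ./images directory; serves on localhost only.
    make_server("127.0.0.1", 8080, make_app(os.path.abspath("images"))).serve_forever()
```

Running the module prints the headers each request received and then serves the assumed images directory on 127.0.0.1:8080. The SVG comes back as application/octet-stream with Content-Disposition: attachment, so a browser that navigates to it downloads the file; the CSP is redundant for that response and only matters if a later change lets SVG render inline again, which is exactly the regression it is there to catch.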

