CVE-2026-15330
Received Received - Intake

Server-Side Request Forgery in CowAgent Vision Tool

Vulnerability report for CVE-2026-15330, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: VulDB

Description

A vulnerability was determined in zhayujie CowAgent up to 2.1.1. Impacted is the function _build_image_content/_download_to_data_url of the file agent/tools/vision/vision.py of the component Vision Tool. Executing a manipulation of the argument image can lead to server-side request forgery. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.1.2 is recommended to address this issue. This patch is called e85290cddcbb5ffc9c235927f4c92e5b4c3ec264. Upgrading the affected component is advised.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
zhayujie cowagent to 2.1.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-15330 is a Server-Side Request Forgery (SSRF) vulnerability found in the CowAgent project, specifically in the Vision Tool component. The vulnerability exists in the functions _build_image_content and _download_to_data_url within the file agent/tools/vision/vision.py. An attacker can manipulate the image argument to make the server send unauthorized HTTP requests to internal or private network addresses. This can be exploited remotely without authentication.

The vulnerability allows attackers to probe internal networks or cloud metadata endpoints by controlling image URLs that the server fetches without proper validation.

The issue was fixed by adding a URL validation function that blocks requests to private, loopback, link-local, or reserved IP ranges before making network calls.

Impact Analysis

This vulnerability can have significant security impacts by allowing an attacker to make the vulnerable server perform unauthorized HTTP requests to internal services or private network resources.

  • Unauthorized access to internal services that are not exposed externally.
  • Probing and reconnaissance of internal network infrastructure.
  • Potential exposure of sensitive internal endpoints, such as cloud metadata services.

Such impacts can lead to information disclosure, further exploitation, or lateral movement within an internal network.

Detection Guidance

The vulnerability involves Server-Side Request Forgery (SSRF) in the vision tool component of CowAgent, where attacker-controlled image URLs can cause the server to make unauthorized HTTP requests to internal or private network addresses.

Detection can focus on monitoring HTTP requests made by the CowAgent server to unusual or internal IP addresses such as loopback (127.0.0.1), private IP ranges (RFC1918), link-local, or reserved IP addresses.

You can check server logs or network traffic for outbound HTTP GET requests to internal IPs or unexpected destinations triggered by the vision tool.

Since the attack can be triggered via POST requests to the /message endpoint processed by the agent's tool-dispatch workflow, monitoring or logging POST requests to this endpoint with suspicious image URLs is recommended.

Specific commands are not provided in the resources, but general approaches include:

  • Using network monitoring tools (e.g., tcpdump, Wireshark) to capture outbound HTTP requests from the CowAgent server to internal IP ranges.
  • Reviewing application logs for requests to /message containing image URLs starting with http:// or https:// that resolve to private or loopback IPs.
  • Using curl or similar tools to simulate POST requests to the /message endpoint with crafted image URLs to test if the server fetches internal resources.
Mitigation Strategies

The primary mitigation step is to upgrade the CowAgent component to version 2.1.2 or later, which includes the security fix for this vulnerability.

The fix includes adding SSRF protection by validating URLs before making network requests, blocking requests to private, loopback, link-local, or reserved IP ranges.

Additionally, path traversal protections have been added for skill installation to prevent directory escape attacks.

If immediate upgrade is not possible, consider restricting outbound HTTP requests from the CowAgent server to only trusted external IPs and blocking requests to internal or loopback addresses at the network or firewall level.

Monitor and audit usage of the vision tool and the /message endpoint to detect and block suspicious activity.

Compliance Impact

The vulnerability CVE-2026-15330 is a Server-Side Request Forgery (SSRF) issue that allows attackers to make the server send unauthorized HTTP requests to internal or private network addresses. This can lead to unauthorized access to internal services and sensitive data.

Such unauthorized access and potential data exposure could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of personal and sensitive information against unauthorized access and data breaches.

However, the provided context and resources do not explicitly discuss or analyze the impact of this vulnerability on compliance with these or other common standards and regulations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-15330. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart