← Back

Agent Zero

agent-zero

Vendor: Agent Zero • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-30624
1Agent Zero
1Agent Zero
Apr 20, 2026
Apr 15, 2026
N/A· v4
8.6 HIGH· v3
N/A· v2
Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary comman...Show more
Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the configuration is applied without sufficient validation or restriction. An attacker may supply a malicious MCP configuration to execute arbitrary operating system commands, potentially resulting in remote code execution with the privileges of the Agent Zero process.Show less
CVE-2025-55524
1Agent Zero
1Agent Zero
Jan 8, 2026
Aug 21, 2025
N/A· v4
7.3 HIGH· v3
N/A· v2
Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspecified vectors.
CVE-2025-55523
1Agent Zero
1Agent Zero
Jan 8, 2026
Aug 21, 2025
N/A· v4
3.5 LOW· v3
N/A· v2
An issue in the component /api/download_work_dir_file.py of Agent-Zero v0.8.* allows attackers to execute a directory traversal.
CVE-2025-6166
1Agent Zero
1Agent Zero
Jan 8, 2026
Jun 17, 2025
5.1 MEDIUM· v4
3.5 LOW· v3
2.7 LOW· v2
A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to...Show more
A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The identifier of the patch is 5db74202d632306a883ccce7339c5bdba0d16c5a. It is recommended to upgrade the affected component.Show less
CVE-2025-3547
1Agent Zero
1Agent Zero
Jan 8, 2026
Apr 14, 2025
5.3 MEDIUM· v4
6.3 MEDIUM· v3
6.5 MEDIUM· v2
A vulnerability classified as critical was found in frdel Agent-Zero 0.8.1.2. This vulnerability affects unknown code of the file /get_work_dir_files. The manipulation of the argument path leads to path traversal. The at...Show more
A vulnerability classified as critical was found in frdel Agent-Zero 0.8.1.2. This vulnerability affects unknown code of the file /get_work_dir_files. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.Show less