PT-2026-25872 · Frdel · Agent0Ai

Eric-Y +1 · Published 2026-03-17 · Updated 2026-03-18 · CVE-2026-4308

CVSS v2.0: 6.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
frdel/agent0ai agent-zero version 0.9.7

Description
A server-side request forgery condition exists in the handle_pdf_document function within the python/helpers/document_query.py file. This manipulation can be carried out remotely. The exploit has been made publicly available. The vendor was contacted regarding this issue but did not respond. The API endpoint is not specified. The vulnerable parameter is not specified.

Recommendations
Versions prior to 0.9.7 are affected. As a temporary workaround, consider disabling the handle_pdf_document() function until a patch is available.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2026-07915
CVE-2026-4308

Affected Products

Agent0Ai