PT-2026-25872 · Frdel · Agent0Ai
Eric-Y +1 · Published 2026-03-17 · Updated 2026-03-18 · CVE-2026-4308
CVSS v2.0: 6.5 Medium
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
frdel/agent0ai agent-zero version 0.9.7
Description
A server-side request forgery condition exists in the handle_pdf_document function within the python/helpers/document_query.py file. This manipulation can be carried out remotely. The exploit has been made publicly available. The vendor was contacted regarding this issue but did not respond. The API endpoint is not specified. The vulnerable parameter is not specified.
Recommendations
Versions prior to 0.9.7 are affected.
As a temporary workaround, consider disabling the handle_pdf_document() function until a patch is available.
Exploit
Fix
SSRF
Affected Products
Agent0Ai