PT-2026-60992 · Zhayujie · Cowagent
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
zhayujie CowAgent versions prior to 2.1.2
Description
An issue exists in the
WebFetch.execute() function within the agent/tools/web fetch/web fetch.py file. A remote attacker can manipulate the url argument to perform server-side request forgery (SSRF), a technique where the server is coerced into making unauthorized requests to internal or external resources.Recommendations
Upgrade to version 2.1.2.
Exploit
Fix
SSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cowagent