Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the configuration is applied without sufficient validation or restriction. An attacker may supply a malicious MCP configuration to execute arbitrary operating system commands, potentially resulting in remote code execution with the privileges of the Agent Zero process.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Agent Zero 安全漏洞
Vulnerability Description
Agent Zero是Jan Tomášek个人开发者的一个人工智能框架。 Agent Zero 0.9.8版本存在安全漏洞,该漏洞源于外部MCP服务器配置功能存在缺陷,可能导致攻击者执行任意操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A