Impact
Agent Zero before version 1.15 contains a path traversal flaw that lets an unauthenticated attacker read any file with an image extension that the server process can access. The image_get API validates the requested path against an extension allowlist only and disables its path containment check, so a crafted path reaches the filesystem unchanged. Because the path is never canonicalized, a symbolic link whose name carries an allowed extension is followed wherever it points, which escapes the intended image directory and removes the extension filter as a meaningful barrier. Successful exploitation allows an attacker to read configuration files, certificates, user data, or any mounted volume the process can reach, potentially enabling further compromise or exfiltration of sensitive data.
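The three handler variants below are an added illustration of the failure mode described above; they are example code written for this page, not Agent Zero's image_get implementation, and the function names, the allowlist contents and the constructed fixture (an images directory, a secret outside it, and a symlink with a .png name planted inside) are assumptions. The first variant reproduces the advisory's pattern (extension allowlist, containment disabled), the second shows why a lexical containment check is not enough when symlinks are involved, and the third canonicalizes with realpath before checking containment.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Hypothetical image allowlist for the example; not the project's actual list.
ALLOWED_EXTENSIONS = {".png", ".jpg", ".jpeg", ".gif", ".webp", ".svg"}


def has_image_extension(path: str) -> bool:
    return Path(path).suffix.lower() in ALLOWED_EXTENSIONS


def _read(path: str) -> Optional[bytes]:
    try:
        with open(path, "rb") as f:
            return f.read()
    except OSError:
        return None


def image_get_extension_only(user_path: str) -> Optional[bytes]:
    """Pattern the advisory describes: extension allowlist, containment disabled.
    Any readable file with an image extension is served, wherever it lives."""
    if not has_image_extension(user_path):
        return None
    return _read(user_path)


def image_get_lexical_containment(base_dir: str, user_path: str) -> Optional[bytes]:
    """Common half-fix: collapse '..' lexically and prefix-check, but never
    resolve symlinks. A symlink with an image name inside base_dir still escapes."""
    if not has_image_extension(user_path):
        return None
    base = os.path.normpath(base_dir)
    candidate = os.path.normpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return _read(candidate)


def image_get_canonical_containment(base_dir: str, user_path: str) -> Optional[bytes]:
    """Hardened form: realpath resolves '..' and symlinks before the containment
    check, so the path that is opened is the path that was checked."""
    if not has_image_extension(user_path):
        return None
    base = os.path.realpath(base_dir)
    # An absolute user_path replaces base in os.path.join; realpath + containment
    # still rejects it because the result lies outside base.
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return _read(candidate)


def run_demo() -> Dict[str, Optional[bytes]]:
    """Constructed fixture (assumption): images/ with a real image, a key file
    outside it, a stray .png outside it, and a symlink images/thumb.png -> key."""
    results: Dict[str, Optional[bytes]] = {}
    with tempfile.TemporaryDirectory() as tmp:
        images = os.path.join(tmp, "images")
        os.mkdir(images)
        with open(os.path.join(images, "logo.png"), "wb") as f:
            f.write(b"\x89PNG-logo")
        secret = os.path.join(tmp, "server.key")
        with open(secret, "wb") as f:
            f.write(b"PRIVATE-KEY")
        stray = os.path.join(tmp, "outside.png")  # image extension, outside images/
        with open(stray, "wb") as f:
            f.write(b"OUTSIDE")
        os.symlink(secret, os.path.join(images, "thumb.png"))

        results["ext_only:legit"] = image_get_extension_only(os.path.join(images, "logo.png"))
        results["ext_only:absolute"] = image_get_extension_only(stray)        # served
        results["ext_only:no_image_ext"] = image_get_extension_only(secret)   # blocked by extension only
        results["lexical:traversal"] = image_get_lexical_containment(images, "../outside.png")
        results["lexical:symlink"] = image_get_lexical_containment(images, "thumb.png")  # served
        results["canonical:legit"] = image_get_canonical_containment(images, "logo.png")
        results["canonical:traversal"] = image_get_canonical_containment(images, "../outside.png")
        results["canonical:absolute"] = image_get_canonical_containment(images, stray)
        results["canonical:symlink"] = image_get_canonical_containment(images, "thumb.png")
    return results


if __name__ == "__main__":
    for name, content in run_demo().items():
        print(f"{name:24s} -> {content!r}")
```

The lexical variant rejects the "../outside.png" request but still serves the secret through the symlink, which is the gap the advisory's "lack of path canonicalization" refers to; only the realpath-based variant rejects all three escapes. Note that realpath-then-open still leaves a small race window if an attacker can replace the link between the check and the open; opening the final component with O_NOFOLLOW, or opening relative to a directory file descriptor, closes it more completely.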
Affected Systems
Vendor 3clyp50 provides the open-source Agent Zero platform. All releases prior to version 1.15 are affected; the advisory indicates that every build in the 1.0-1.14 series is vulnerable. No operating system or deployment scenario restrictions are listed, so any installation that exposes the image_get endpoint to untrusted clients should be treated as at risk.
Risk and Exploitability
The CVSS score of 7.1 classifies the flaw as high severity. No EPSS score is available, so the current exploitation probability cannot be quantified from public metrics. The vulnerability is not listed in the CISA KEV catalog, but the ability to read any file reachable by the process, including through symlinks, remains a serious risk, especially on multi-tenant hosts or hosts holding sensitive material. Attackers can trigger the flaw with plain HTTP requests to the image_get endpoint; no authentication or additional privileges are required.
OpenCVE Enrichment