CVE-2026-30624

HIGH EPSS 32.3%

Published Apr 15, 20262mo ago · Modified Jun 17, 20261w ago

8.6 CVSS 3.1

High

Published Apr 15, 2026 2mo ago

Last Modified Jun 17, 2026 1w ago

Description

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the configuration is applied without sufficient validation or restriction. An attacker may supply a malicious MCP configuration to execute arbitrary operating system commands, potentially resulting in remote code execution with the privileges of the Agent Zero process.

CVSS Details

Base Score

8.6

Exploitability

3.9

Impact

4.7

Vector string

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Attack Vector Network

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality Low

Integrity Low

Availability High

Threat Intelligence

EPSS Exploit Probability

32.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-77 Command Injection Injection

Affected Products 1

Vendor	Product	Version	Range
agent-zero	agent-zero	0.9.8	any

References 1

ox.security https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/

Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.