Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable skill installer requires low-privilege authentication (PR:L); path traversal enables limited out-of-bounds file writes (I:L) and potential disruption (A:L) with no confidentiality impact.
Primary rating from Vendor (vuldb).
CVSS VectorVendor: vuldb
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function _add_url/_add_package of the file agent/skills/service.py of the component Skill Installation Handler. The manipulation of the argument Name leads to path traversal. The attack may be initiated remotely. Upgrading to version 2.1.2 is sufficient to fix this issue. The identifier of the patch is e85290cddcbb5ffc9c235927f4c92e5b4c3ec264. It is advisable to upgrade the affected component.
AnalysisAI
Path traversal in zhayujie CowAgent versions up to 2.1.0 allows remote low-privilege authenticated attackers to write files outside the intended skill installation directory by manipulating the Name argument in the Skill Installation Handler. The flaw resides in the _add_url and _add_package functions within agent/skills/service.py, which fail to sanitize path components before constructing filesystem paths during skill installation. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to possess a valid low-privilege account on the CowAgent instance, as confirmed by PR:L in the CVSS 4.0 vector. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 base score of 5.3 (Medium) reflects network accessibility (AV:N), low attack complexity (AC:L), low-privilege authentication requirement (PR:L), and limited integrity and availability impact (VI:L, VA:L) with no confidentiality exposure (VC:N) and no lateral impact on subsequent systems (SC/SI/SA:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with a valid low-privilege CowAgent account submits a skill installation request to the API endpoint backed by `_add_url` or `_add_package`, supplying a crafted `Name` value containing traversal sequences such as `../../etc/cron.d/malicious`. The unsanitized name is used to construct a target path outside the skills directory, writing an attacker-controlled file to a sensitive system location. … |
| Remediation | Upgrade CowAgent to version 2.1.2 or later, which is confirmed by the vendor via the GitHub release at https://github.com/zhayujie/CowAgent/releases/tag/2.1.2. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42789
GHSA-c3mj-x5cv-cphr