CVE-2026-30624
published 2026-04-15CVE-2026-30624: Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP…
PriorityP357high8.6CVSS 3.1
AVNACLPRNUINSUCLILAH
EPSS
0.40%
32.3th percentile
Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the configuration is applied without sufficient validation or restriction. An attacker may supply a malicious MCP configuration to execute arbitrary operating system commands, potentially resulting in remote code execution with the privileges of the Agent Zero process.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| agent-zero | agent-zero | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-rppc-c4xv-v29h: Agent Zero 0
ghsa_unreviewed·2026-04-15
CVE-2026-30624 [HIGH] CWE-77 GHSA-rppc-c4xv-v29h: Agent Zero 0
Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the configuration is applied without sufficient validation or restriction. An attacker may supply a malicious MCP configuration to execute arbitrary operating system commands, potentially resulting in remote code execution with the privileges of the Agent Zero process.
VulDB
Agent Zero 0.9.8 MCP privilege escalation
vuldb·2026-04-15·CVSS 8.6
CVE-2026-30624 [HIGH] Agent Zero 0.9.8 MCP privilege escalation
A vulnerability classified as critical has been found in Agent Zero 0.9.8. The impacted element is an unknown function of the component MCP Handler. This manipulation causes privilege escalation.
This vulnerability is tracked as CVE-2026-30624. The attack is possible to be carried out remotely. No exploit exists.
No detection rules found.
No public exploits indexed.
2026-04-15
Published