Information Disclosure Vulnerability in zhayujie CowAgent Browser Tool
CVE-2026-15329
Key Information:
Badges
What is CVE-2026-15329?
A vulnerability exists in the zhayujie CowAgent's Browser Tool that allows for the potential unauthorized disclosure of sensitive information via the BrowserTool._do_navigate function in browser_tool.py. This issue can be triggered remotely, exposing users to data risks. The project maintainers have been made aware of the vulnerability through an early report but have yet to implement a response. With the exploit already publicly known, it poses a concern for users of CowAgent up to version 2.1.0.
Affected Version(s)
CowAgent 2.0
CowAgent 2.1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved
