CVE-2026-47119 is a stored cross-site scripting vulnerability in 3clyp50's agent-zero before version 1.15. The vulnerability occurs because the image_get API endpoint serves SVG files without critical security headers (Content-Security-Policy, X-Content-Type-Options, Content-Disposition), allowing attackers to embed malicious JavaScript within SVG files. Attackers can place these crafted SVG files in any path readable by the agent-zero process. When an authenticated user accesses the image_get endpoint to retrieve the SVG, the browser executes the embedded script, which can steal the user's csrf_token cookie and perform unauthorized API actions. The CVSS 4.0 score is 5.3 (medium severity). No patch or official remediation has been documented as of the published date.

Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the affected application, leading to theft of csrf_token cookies and unauthorized API calls performed with the victim's privileges. This compromises user session integrity and can result in unauthorized actions within the application. The vulnerability requires the attacker to place a malicious SVG file in a location accessible to the agent-zero process and to lure an authenticated user to access the image_get endpoint serving that file.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should restrict write permissions to directories accessible by the agent-zero process to prevent placement of malicious SVG files. Additionally, consider implementing web application firewall rules to detect and block suspicious SVG payloads and monitor for unusual API activity. Applying security headers such as Content-Security-Policy, X-Content-Type-Options, and Content-Disposition on the image_get endpoint would mitigate the risk but requires vendor action.