{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/zhayujie/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.3,"id":"CVE-2026-15330"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["CowAgent"],"_cs_severities":["high"],"_cs_tags":["web-vulnerability","ssrf","remote-code-execution","network"],"_cs_type":"advisory","_cs_vendors":["zhayujie"],"content_html":"\u003cp\u003eA server-side request forgery (SSRF) vulnerability, identified as CVE-2026-15330, has been discovered in zhayujie CowAgent versions up to and including 2.1.1. This flaw specifically impacts the \u003ccode\u003e_build_image_content\u003c/code\u003e and \u003ccode\u003e_download_to_data_url\u003c/code\u003e functions located in the \u003ccode\u003eagent/tools/vision/vision.py\u003c/code\u003e file, part of the Vision Tool component. Attackers can remotely exploit this by crafting a malicious 'image' argument in a request, compelling the CowAgent server to make arbitrary requests to internal or external resources. The vulnerability has been publicly disclosed, increasing the risk of exploitation. Defenders should prioritize upgrading to version 2.1.2 or applying patch e85290cddcbb5ffc9c235927f4c92e5b4c3ec264 immediately to prevent potential network compromise and data exfiltration.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker crafts a specially designed HTTP request targeting a web endpoint of the zhayujie CowAgent application.\u003c/li\u003e\n\u003cli\u003eThe request includes a manipulated \u003ccode\u003eimage\u003c/code\u003e argument, pointing to an internal IP address or an otherwise restricted URL (e.g., \u003ccode\u003ehttp://localhost\u003c/code\u003e, \u003ccode\u003efile:///etc/passwd\u003c/code\u003e, \u003ccode\u003ehttp://169.254.169.254\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe vulnerable application endpoint processes the incoming request, invoking the \u003ccode\u003e_build_image_content\u003c/code\u003e or \u003ccode\u003e_download_to_data_url\u003c/code\u003e function within \u003ccode\u003eagent/tools/vision/vision.py\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe application, unaware of the malicious intent, attempts to fetch content from the URL specified in the \u003ccode\u003eimage\u003c/code\u003e argument.\u003c/li\u003e\n\u003cli\u003eDue to the SSRF vulnerability, the CowAgent server initiates an outbound connection to the attacker-controlled or internal destination URL.\u003c/li\u003e\n\u003cli\u003eThis allows the attacker to read arbitrary files from the server, scan internal networks, interact with internal services, or potentially exfiltrate sensitive data.\u003c/li\u003e\n\u003cli\u003eDepending on the success of the internal access, the attacker may pivot to other internal systems or collect credentials for further compromise.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-15330 can lead to severe consequences for affected organizations. Attackers can leverage the server-side request forgery to access and exfiltrate sensitive data from internal systems that are not directly exposed to the internet. This includes reading local files (e.g., configuration files, credentials), performing port scans of the internal network, and interacting with or exploiting other internal services (e.g., cloud metadata services, internal APIs, databases). The publicly disclosed nature of the exploit increases the likelihood of rapid adoption by malicious actors, potentially leading to widespread compromise for unpatched instances of zhayujie CowAgent.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePrioritize upgrading all zhayujie CowAgent instances to version 2.1.2 or later immediately to address CVE-2026-15330.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rule to your SIEM to detect attempts to exploit CVE-2026-15330 via the \u003ccode\u003eimage\u003c/code\u003e argument. Tune rule sensitivity to reduce false positives.\u003c/li\u003e\n\u003cli\u003eReview web server logs for suspicious requests containing common SSRF payloads in URI parameters, as indicated by the Sigma rule, and investigate any matches.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-10T05:24:28Z","date_published":"2026-07-10T05:24:28Z","id":"https://feed.craftedsignal.io/briefs/2026-07-cowagent-ssrf/","summary":"A critical server-side request forgery (SSRF) vulnerability, CVE-2026-15330, exists in zhayujie CowAgent up to version 2.1.1, allowing remote attackers to manipulate the 'image' argument in the Vision Tool component's `_build_image_content` or `_download_to_data_url` functions to access internal resources or conduct port scanning.","title":"CVE-2026-15330: zhayujie CowAgent Server-Side Request Forgery","url":"https://feed.craftedsignal.io/briefs/2026-07-cowagent-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed - Zhayujie","version":"https://jsonfeed.org/version/1.1"}