Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 10 Jul 2026 05:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was identified in zhayujie CowAgent up to 2.1.0. The affected element is the function _add_url/_add_package of the file agent/skills/service.py of the component Skill Installation Handler. The manipulation of the argument Name leads to path traversal. The attack may be initiated remotely. Upgrading to version 2.1.2 is sufficient to fix this issue. The identifier of the patch is e85290cddcbb5ffc9c235927f4c92e5b4c3ec264. It is advisable to upgrade the affected component. | |
| Title | zhayujie CowAgent Skill Installation service.py _add_package path traversal | |
| First Time appeared |
Zhayujie
Zhayujie cowagent |
|
| Weaknesses | CWE-22 | |
| CPEs | cpe:2.3:a:zhayujie:cowagent:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Zhayujie
Zhayujie cowagent |
|
| References |
|
|
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-10T04:15:10.104Z
Reserved: 2026-07-09T18:37:47.214Z
Link: CVE-2026-15331
No data.
No data.
No data.
OpenCVE Enrichment
No data.