| tiêu đề | zhayujie CowAgent <= 2.1.0 Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) |
|---|
| Mô tả | # Technical Details
A local file disclosure vulnerability exists in the `BrowserTool._do_navigate` method in `agent/tools/browser/browser_tool.py` of CowAgent.
The application fails to enforce a URL scheme allowlist before forwarding attacker-controlled URLs to Playwright. Non-network schemes such as `file://` are preserved, passed to `BrowserService._do_navigate`, loaded by Chromium, and then exposed through the browser tool's automatic snapshot response.
# Vulnerable Code
File: `agent/tools/browser/browser_tool.py`
Method: `BrowserTool._do_navigate`
Why: The method only prepends `https://` for bare hosts and intentionally preserves `file://`, `about:`, and `data:` URLs before calling the browser service and returning a page snapshot.
File: `agent/tools/browser/browser_service.py`
Method: `BrowserService._do_navigate`
Why: The method passes the unvalidated URL directly into Playwright `page.goto(url, wait_until="domcontentloaded", timeout=timeout)`.
# Reproduction
1. Install CowAgent / `chatgpt-on-wechat` with the browser tool available and Playwright Chromium installed.
2. Create a local readable canary file such as `/tmp/cve-2026-32008-canary.txt`.
3. Invoke the browser tool with `{"action":"navigate","url":"file:///tmp/cve-2026-32008-canary.txt"}`.
4. Observe that Chromium loads the local file.
5. Inspect the returned tool result and confirm the automatic page snapshot contains the local file contents.
6. Run a control with `about:blank` and confirm the canary is not disclosed.
# Impact
- Authenticated users who can trigger `browser.navigate` can read local files accessible to the CowAgent process user.
- Sensitive files such as configuration, cached credentials, API keys, logs, uploaded artifacts, and local memory data may be exposed.
- The browser feature silently changes from web navigation into local host file access without explicit operator approval. |
|---|
| Nguồn | ⚠️ https://github.com/zhayujie/CowAgent/issues/2871 |
|---|
| Người dùng | Eric-x (UID 94869) |
|---|
| Đệ trình | 09/06/2026 16:39 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 09/07/2026 20:38 (1 month later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 377272 [zhayujie CowAgent đến 2.1.0 Browser Tool browser_tool.py BrowserTool._do_navigate tiết lộ thông tin] |
|---|
| điểm | 20 |
|---|