| 标题 | zhayujie CowAgent <= 2.1.0 Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) |
|---|
| 描述 | # Technical Details
A local file disclosure vulnerability exists in the `BrowserTool._do_navigate` method in `agent/tools/browser/browser_tool.py` of CowAgent.
The application fails to enforce a URL scheme allowlist before forwarding attacker-controlled URLs to Playwright. Non-network schemes such as `file://` are preserved, passed to `BrowserService._do_navigate`, loaded by Chromium, and then exposed through the browser tool's automatic snapshot response.
# Vulnerable Code
File: `agent/tools/browser/browser_tool.py`
Method: `BrowserTool._do_navigate`
Why: The method only prepends `https://` for bare hosts and intentionally preserves `file://`, `about:`, and `data:` URLs before calling the browser service and returning a page snapshot.
File: `agent/tools/browser/browser_service.py`
Method: `BrowserService._do_navigate`
Why: The method passes the unvalidated URL directly into Playwright `page.goto(url, wait_until="domcontentloaded", timeout=timeout)`.
# Reproduction
1. Install CowAgent / `chatgpt-on-wechat` with the browser tool available and Playwright Chromium installed.
2. Create a local readable canary file such as `/tmp/cve-2026-32008-canary.txt`.
3. Invoke the browser tool with `{"action":"navigate","url":"file:///tmp/cve-2026-32008-canary.txt"}`.
4. Observe that Chromium loads the local file.
5. Inspect the returned tool result and confirm the automatic page snapshot contains the local file contents.
6. Run a control with `about:blank` and confirm the canary is not disclosed.
# Impact
- Authenticated users who can trigger `browser.navigate` can read local files accessible to the CowAgent process user.
- Sensitive files such as configuration, cached credentials, API keys, logs, uploaded artifacts, and local memory data may be exposed.
- The browser feature silently changes from web navigation into local host file access without explicit operator approval. |
|---|
| 来源 | ⚠️ https://github.com/zhayujie/CowAgent/issues/2871 |
|---|
| 用户 | Eric-x (UID 94869) |
|---|
| 提交 | 2026-06-09 16時39分 (1 月前) |
|---|
| 管理 | 2026-07-09 20時38分 (1 month later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 377272 [zhayujie CowAgent 直到 2.1.0 Browser Tool browser_tool.py BrowserTool._do_navigate 信息公开] |
|---|
| 积分 | 20 |
|---|