Zero Day Monitor (ZDM)
8.6
CVE-2026-30624
Anthropic · n/a

CVE-2026-30624: Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The a

Description

Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration containing arbitrary command and args values. These values are executed by the application when the configuration is applied without sufficient validation or restriction. An attacker may supply a malicious MCP configuration to execute arbitrary operating system commands, potentially resulting in remote code execution with the privileges of the Agent Zero process.

Affected Products

Vendor | Product | Versions
Anthropic | n/a | n/a, 0.9.8

References

  • https://www.ox.security/blog/mcp-supply-chain-advisory-rce-vulnerabilities-across-the-ai-ecosystem/

Related News (2 articles)

The Hacker News (Tier D) · 23h ago
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
→ No new info (linked only)

VulDB (Tier C) · 5d ago
CVE-2026-30624 | Agent Zero 0.9.8 MCP privilege escalation
→ No new info (linked only)

CVSS 3.1: 8.6 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CISA KEV: ❌ No
Actively exploited: ❌ No
CWE: CWE-77, CWE-20
Published: Apr 15, 2026
Last enriched: 23h ago (v3)
Tags: RCE, MCP
Trending Score: 25
Source articles: 2
Independent: 2
Info Completeness: 8/14
Missing: epss, kev, exploit, patch, iocs, mitre_attack


Related CVEs (5)

NONE · CVE-2026-35022 · EXP
Anthropic Claude Code & Agent SDK OS Command Injection via Authentication Helper
Trending: 45

NONE · CVE-2026-35021
Anthropic Claude Code & Agent SDK OS Command Injection via promptEditor.ts
Trending: 6

NONE · CVE-2026-35020
Anthropic Claude Code & Agent SDK OS Command Injection via TERMINAL Environment Variable
Trending: 6

HIGH · CVE-2026-21852
Claude Code is an agentic coding tool. Prior to version 2.0.65, vulnerability in Claude Code's project-load flow allowed malicious repositories to exfiltrate data including Anthropic API keys before u
Trending: 5

NONE · CVE-2026-34452
Claude SDK for Python: Memory Tool Path Validation Race Condition Allows Sandbox Escape

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

Apr 15, 2026 · CVE Published
Apr 15, 2026 · Discovered by ZDM
Apr 15, 2026 · Updated: description, severity, affectedVersions
Apr 20, 2026 · Updated: vendor, affectedVersions, cweIds, tags

Version History

v3 · Tier D · 23h ago (last enriched)

Updated description with significant technical details, added vendor information, changed severity to CRITICAL, updated CVSS estimate to 9.0, and included new CWE IDs and tags.

vendor, affectedVersions, cweIds, tags
via The Hacker News

v2 · Tier C · 5d ago

Updated severity to CRITICAL, added affected version 0.9.8, and corrected exploit availability status.

description, severity, affectedVersions
via VulDB

v1 · 5d ago

Initial creation