EUVD-2026-31565

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function isblockeddevice of the file tools/filetools.py of the component readfile Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The...

CVE-2026-9351

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function isblockeddevice of the file tools/filetools.py of the component readfile Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The...

Hermes Agent 路径遍历漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring self-learning capabilities. Versions of Hermes Agent prior to 2026.4.16 contained a path traversal vulnerability. This vulnerability originated from the isblockeddevice function in the tools/filetools.py file within the readfi...

PT-2026-42907

Name of the Vulnerable Software and Affected Versions NousResearch hermes-agent versions prior to 2026.4.17 Description A flaw in the read file Tool within the tools/file tools.py file affects the is blocked device function. This issue allows a remote attacker to perform a path traversal, which i...

CVE-2026-7400 geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function ispathallowed of the file server.py of the component readfiletool/writefiletool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...

CVE-2026-7400 geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function ispathallowed of the file server.py of the component readfiletool/writefiletool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...

Improper Access Control

flowise is vulnerable to improper access control.The vulnerability is due to insufficient file path restrictions in the WriteFileTool and ReadFileTool, which allows an attacker to read or write arbitrary files and potentially achieve remote command execution...

GHSA-J44M-5V8F-GC9C Flowise is vulnerable to arbitrary file exposure through its ReadFileTool

Summary The ReadFileTool in Flowise does not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read arbitrary files from the file system, potentially leading to remote command execution. Details Flowise supports providing ReadFileTool for large models to...

Flowise is vulnerable to arbitrary file exposure through its ReadFileTool

Summary The ReadFileTool in Flowise does not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read arbitrary files from the file system, potentially leading to remote command execution. Details Flowise supports providing ReadFileTool for large models to...

CVE-2025-61913 Flowise is vulnerable to arbitrary file read, arbitrary file write

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any...

CVE-2025-61913 Flowise is vulnerable to arbitrary file read, arbitrary file write

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any...

Flowise 路径遍历漏洞

Flowise is a FlowiseAI open source tool for easily building LLM applications. A path traversal vulnerability exists in versions prior to Flowise 3.0.8, which stems from unrestricted file path access in WriteFileTool and ReadFileTool, and could lead to arbitrary file reads and writes and remote...