3 matches found
CVE-2026-58173 Vibe-Trading < 0.1.10 - Path Traversal via Persistent Memory Type
Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memorytype value containing path traversal sequences through the remember tool. Attackers can manipulate the memorytype...
CVE-2026-58173
Vibe-Trading prior to 0.1.10 is affected by a path traversal vulnerability in which the memory_type value, supplied via the remember tool to the persistent memory store, enables writing files outside the intended memory root. This can allow an attacker to create arbitrary Markdown files at uninte...
CVE-2026-58171 Vibe-Trading < 0.1.10 - Path Traversal via Swarm Run Identifier
Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in rundir agent/src/swarm/store.py. A crafted run identifier supplied through the MCP swarm tools causes the application to read arbitrary...