Lucene search
K

32 matches found

NVD
NVD
added 14 hours ago6 views

CVE-2026-15621

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...

5.3CVSS
Exploits0References6
Cvelist
Cvelist
added 15 hours ago8 views

CVE-2026-15621 mosaxiv clawlet File Tools fs_ops.go edit_file link following

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...

5.3CVSS
Exploits0References6
EUVD
EUVD
added 15 hours ago6 views

EUVD-2026-43598

A vulnerability was detected in mosaxiv clawlet up to 0.2.10. This impacts the function readfile/writefile/editfile of the file tools/fsops.go of the component File Tools. Performing a manipulation results in link following. The attack needs to be approached locally. The reported GitHub issue was...

5.3CVSS5.9AI score
Exploits0References6
CVE
CVE
added 15 hours ago5 views

CVE-2026-15621

mosaxiv clawlet up to version 0.2.10 contains a vulnerability in the File Tools component, specifically in the read_file, write_file, and edit_file functionality implemented in tools/fs_ops.go. The issue arises from a manipulation that leads to link following, with exploitation requiring local ac...

5.3CVSS5.9AI score
Exploits0References6
CVE
CVE
added 5 days ago17 views

CVE-2026-50181

CVE-2026-50181 affects Langroid up to version 0.63.0, where ReadFileTool and WriteFileTool incorrectly trust curr_dir as a boundary. The tools change the process working directory to curr_dir and then operate on user-supplied file_path without resolving that the final path remains inside curr_dir...

7.1CVSS6AI score0.00184EPSS
Exploits1References2
OSV
OSV
added 2026/07/02 5:38 p.m.5 views

GHSA-FG23-3346-88F5 Langroid: Path traversal in the file tools allows read/write outside configured current directory

Summary Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory to currdir and then operate on the user-supplied filepath without resolving and enforcing that the...

7.1CVSS5.8AI score0.00184EPSS
Exploits1References3
OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-464 PraisonAI Has Path Traversal in FileTools

Executive Summary: The path validation has a critical logic bug: it checks for .. AFTER normpath has already collapsed all .. sequences. This makes the check completely useless and allows trivial path traversal to any file on the system. The path validation function also does not resolve the...

9.2CVSS6AI score0.00416EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.11 views

CVE-2026-9351

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function isblockeddevice of the file tools/filetools.py of the component readfile Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The...

6.9CVSS6.2AI score0.00676EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/24 3:15 a.m.26 views

CVE-2026-9351 NousResearch hermes-agent read_file Tool file_tools.py _is_blocked_device path traversal

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.16. This vulnerability affects the function isblockeddevice of the file tools/filetools.py of the component readfile Tool. Performing a manipulation results in path traversal. The attack may be initiated remotely. The...

6.9CVSS0.00676EPSS
Exploits0References4
CVE
CVE
added 2026/05/24 3:15 a.m.29 views

CVE-2026-9351

CVE-2026-9351 affects NousResearch Hermes-agent up to version 2026.4.16. The vulnerability resides in the read_file Tool’s file_tools.py, specifically the _is_blocked_device function, enabling path traversal through input manipulation. Attack vector is network with low complexity and no authentic...

6.9CVSS6.2AI score0.00676EPSS
Exploits0References4
CVE
CVE
added 2026/04/29 6:0 p.m.46 views

CVE-2026-7397

The CVE affects NousResearch hermes-agent v0.8.0, specifically the _check_sensitive_path logic in tools/file_tools.py, enabling symlink following when exploited locally. Details from connected records indicate the issue arises from path handling that can be manipulated by an attacker with local a...

4.8CVSS4.7AI score0.00138EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.9 views

PT-2026-35260

Easyboot 6.6.0 contains a buffer overflow vulnerability in the Replace Text function that allows local attackers to crash the application by supplying an oversized string. Attackers can trigger the vulnerability by accessing File Tools Replace Text and pasting a 7000-byte payload into the text...

6.9CVSS5.7AI score0.0018EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/09 7:23 p.m.5 views

CVE-2026-22682

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

8.4CVSS6.2AI score0.00127EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 9:17 p.m.4 views

CVE-2026-39891

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the createagentcentrictools function returns tools like acpcreatefile that process file content using template rendering. When user input from agent.start is passed directly into these tools without escaping, template expressions in the...

8.8CVSS0.00558EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/07 6:31 p.m.4 views

EUVD-2026-19746

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

8.4CVSS6.2AI score0.00127EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/07 5:9 p.m.18 views

CVE-2026-22682 OpenHarness Improper Access Control via File Tools

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

8.4CVSS0.00127EPSS
Exploits0References3
CVE
CVE
added 2026/04/07 5:9 p.m.9 views

CVE-2026-22682

OpenHarness CVE-2026-22682 affects the built-in file tools. The root cause is inconsistent parameter handling in permission enforcement, specifically that the path parameter is not passed to the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools. This allows attackers ...

8.4CVSS6.2AI score0.00127EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/07 5:9 p.m.3 views

CVE-2026-22682

OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository...

8.4CVSS6.2AI score0.00127EPSS
Exploits0References4
CVE
CVE
added 2026/04/07 4:46 p.m.27 views

CVE-2026-35615

PraisonAI contains a path traversal vulnerability in FileTools._validate_path (src/praisonai-agents/praisonaiagents/tools/file_tools.py, lines 42-49). The method normalizes the input with os.path.normpath() and then checks for ".." in the normalized path, which is ineffective because normalizatio...

9.2CVSS5.9AI score0.00416EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/06 11:9 p.m.8 views

PraisonAI Has Path Traversal in FileTools

Executive Summary: The path validation has a critical logic bug: it checks for .. AFTER normpath has already collapsed all .. sequences. This makes the check completely useless and allows trivial path traversal to any file on the system. The path validation function also does not resolve the...

9.2CVSS6.1AI score0.00416EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder