3 matches found
instructlab-sdg (>=0.0.1 <=0.0.1rc4) potentially affected by CVE-2026-6855 via instructlab (=0.17.2)
instructlab PYPI version =0.17.2 is affected by a known vulnerability. The following packages have a transitive dependency on instructlab and may be impacted: - instructlab-sdg =0.0.1, =0.0.1rc4 Source cves: CVE-2026-6855 Source advisory: OSV:GHSA-PQMG-C2J8-FQ92...
CVE-2026-6855
creationtimestamp| type| source ---|---|--- 2026-04-22 15:17:53+00:00| seen| Telegram/QeC7MO7ScSSiOVGXLKN0WnA843zzLxkQwsFJUKCqjpspjuY 2026-04-22 16:10:19+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mk3v4dutit25...
CVE-2026-6855
CVE-2026-6855 affects InstructLab. A path traversal flaw in the chat session handler can be triggered by manipulating the logs_dir parameter, enabling a local attacker to create directories and write files to arbitrary system locations, potentially causing data modification or disclosure. The iss...