Lucene search
+L

13 matches found

nvd
nvd
added 2026/07/10 12:16 a.m.5 views

CVE-2026-50181

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory t...

7.1CVSS0.00184EPSS
Exploits1References2
osv
osv
added 2026/07/09 11:44 p.m.2 views

CVE-2026-50181 Langroid: Path traversal in the file tools allows read/write outside configured current directory

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory t...

7.1CVSS6.1AI score0.00184EPSS
Exploits1References4
cvelist
cvelist
added 2026/07/09 11:44 p.m.32 views

CVE-2026-50181 Langroid: Path traversal in the file tools allows read/write outside configured current directory

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory t...

7.1CVSS0.00184EPSS
Exploits1References2
snyk
snyk
added 2026/07/02 5:38 p.m.5 views

Relative Path Traversal

Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Relative Path Traversal through improper validation of user-supplied file paths in the ReadFileTool and WriteFileTool components. An attacker can access or modify files outside the...

8.4CVSS6AI score0.00184EPSS
Exploits1References3
github
github
added 2026/07/02 5:38 p.m.14 views

Langroid: Path traversal in the file tools allows read/write outside configured current directory

Summary Langroid's ReadFileTool and WriteFileTool appear to treat currdir as the intended working-directory boundary for file operations. However, the tools only change the process working directory to currdir and then operate on the user-supplied filepath without resolving and enforcing that the...

7.1CVSS5.8AI score0.00184EPSS
Exploits1References3Affected Software1
ptsecurity
ptsecurity
added 2026/07/02 12:0 a.m.12 views

PT-2026-55462

Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.64.0 Description Langroid's ReadFileTool and WriteFileTool fail to properly enforce the working-directory boundary defined by curr dir. While the tools change the process working directory to curr dir, they do not...

7.1CVSS6AI score0.00184EPSS
Exploits1References14
vulnrichment
vulnrichment
added 2026/04/29 7:0 p.m.3 views

CVE-2026-7400 geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function ispathallowed of the file server.py of the component readfiletool/writefiletool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...

7.5CVSS7AI score0.0043EPSS
Exploits0References7
cvelist
cvelist
added 2026/04/29 7:0 p.m.29 views

CVE-2026-7400 geekgod382 filesystem-mcp-server read_file_tool/write_file_tool server.py is_path_allowed path traversal

A security vulnerability has been detected in geekgod382 filesystem-mcp-server 1.0.0. This issue affects the function ispathallowed of the file server.py of the component readfiletool/writefiletool. Such manipulation leads to path traversal. The attack can be launched remotely. The exploit has be...

7.5CVSS0.0043EPSS
Exploits0References7
veracode
veracode
added 2025/11/28 5:10 a.m.8 views

Improper Access Control

flowise is vulnerable to improper access control.The vulnerability is due to insufficient file path restrictions in the WriteFileTool and ReadFileTool, which allows an attacker to read or write arbitrary files and potentially achieve remote command execution...

9.9CVSS6.9AI score0.12115EPSS
Exploits1References8Affected Software3
osv
osv
added 2025/10/09 3:21 p.m.4 views

GHSA-JV9M-VF54-CHJJ Flowise is vulnerable to arbitrary file write through its WriteFileTool

Summary The WriteFileTool in Flowise does not restrict the file path for reading, allowing authenticated attackers to exploit this vulnerability to write arbitrary files to any path in the file system, potentially leading to remote command execution. Details Flowise supports providing WriteFileTo...

9.9CVSS7.4AI score0.12115EPSS
Exploits1References7
vulnrichment
vulnrichment
added 2025/10/08 10:43 p.m.2 views

CVE-2025-61913 Flowise is vulnerable to arbitrary file read, arbitrary file write

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any...

9.9CVSS6.9AI score0.12115EPSS
Exploits1References4
osv
osv
added 2025/10/08 10:43 p.m.6 views

CVE-2025-61913 Flowise is vulnerable to arbitrary file read, arbitrary file write

Flowise is a drag & drop user interface to build a customized large language model flow. In versions prior to 3.0.8, WriteFileTool and ReadFileTool in Flowise do not restrict file path access, allowing authenticated attackers to exploit this vulnerability to read and write arbitrary files to any...

9.9CVSS6.9AI score0.12115EPSS
Exploits1References6
cnnvd
cnnvd
added 2025/10/08 12:0 a.m.7 views

Flowise 路径遍历漏洞

Flowise is a FlowiseAI open source tool for easily building LLM applications. A path traversal vulnerability exists in versions prior to Flowise 3.0.8, which stems from unrestricted file path access in WriteFileTool and ReadFileTool, and could lead to arbitrary file reads and writes and remote...

9.9CVSS6.9AI score0.12115EPSS
Exploits1References4
Rows per page
Query Builder