CVE-2026-26396
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th
OpenBMB XAgent v1.0.0 and before is vulnerable to path traversal in the file() function in XAgent/XAgentServer/application/routers/workspace.py. The input parameter βfilenameβ is user-controllable and is concatenated into the file path to be read without proper validation, leading to a directory traversal vulnerability that may result in sensitive information disclosure.
| Vendor | n/a |
| Product | n/a |
| Published | Jul 13, 2026 |
| Last Updated | Jul 13, 2026 |
Stay Ahead of the Next One
Get instant alerts for n/a n/a
Be the first to know when new high vulnerabilities affecting n/a n/a are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
Affected Versions
n/a / n/a
n/a