πŸ” CVE Alert

CVE-2026-26396

HIGH 7.5
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
0th

OpenBMB XAgent v1.0.0 and before is vulnerable to path traversal in the file() function in XAgent/XAgentServer/application/routers/workspace.py. The input parameter β€œfilename” is user-controllable and is concatenated into the file path to be read without proper validation, leading to a directory traversal vulnerability that may result in sensitive information disclosure.

Vendor n/a
Product n/a
Published Jul 13, 2026
Last Updated Jul 13, 2026
Stay Ahead of the Next One

Get instant alerts for n/a n/a

Be the first to know when new high vulnerabilities affecting n/a n/a are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

Affected Versions

n/a / n/a
n/a

References

NVD β†— CVE.org β†— EPSS Data β†—
gist.github.com: https://gist.github.com/jack2223333/f79f233b67d6506b9dd184399525cbf4