CVE-2026-7784

HIGH 7.3

RTGS2017 NagaAgent Skills Endpoint extensions.py path traversal

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file apiserver/routes/extensions.py of the component Skills Endpoint. Such manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-22
Vendor	rtgs2017
Product	nagaagent
Published	May 4, 2026

Stay Ahead of the Next One

Get instant alerts for rtgs2017 nagaagent

Be the first to know when new high vulnerabilities affecting rtgs2017 nagaagent are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

RTGS2017 / NagaAgent

5.0 5.1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/360981 vuldb.com: https://vuldb.com/vuln/360981/cti vuldb.com: https://vuldb.com/submit/807744 github.com: https://github.com/RTGS2017/NagaAgent/issues/311 github.com: https://github.com/RTGS2017/NagaAgent/

Credits

🔍 CPT_Penner (VulDB User) VulDB CNA Team