CVE-2026-8770
continuedev continue JSON-RPC Server lsTool.ts lsTool path traversal
CVSS Score
3.3
EPSS Score
0.0%
EPSS Percentile
2th
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
| CWE | CWE-22 |
| Vendor | continuedev |
| Product | continue |
| Published | May 17, 2026 |
| Last Updated | May 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for continuedev continue
Be the first to know when new low vulnerabilities affecting continuedev continue are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
continuedev / continue
1.2.0 1.2.1 1.2.2 1.2.3 1.2.4 1.2.5 1.2.6 1.2.7 1.2.8 1.2.9 1.2.10 1.2.11 1.2.12 1.2.13 1.2.14 1.2.15 1.2.16 1.2.17 1.2.18 1.2.19 1.2.20 1.2.21 1.2.22
References
Credits
๐ Eric-g (VulDB User) VulDB CNA Team