Home

Description

OpenBMB XAgent v1.0.0 and before is vulnerable to path traversal in the file() function in XAgent/XAgentServer/application/routers/workspace.py. The input parameter “filename” is user-controllable and is concatenated into the file path to be read without proper validation, leading to a directory traversal vulnerability that may result in sensitive information disclosure.

PUBLISHED Reserved 2026-02-16 | Published 2026-07-13 | Updated 2026-07-13 | Assigner mitre

References

gist.github.com/jack2223333/f79f233b67d6506b9dd184399525cbf4 exploit

gist.github.com/jack2223333/f79f233b67d6506b9dd184399525cbf4

cve.org (CVE-2026-26396)

nvd.nist.gov (CVE-2026-26396)

Download JSON