
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-4jvx-93h3-f45h: Path Traversal and Arbitrary File Write in OpenC3 COSMOS

Vulnerability ID: GHSA-4JVX-93H3-F45H
CVSS Score: Moderate
Published: 2026-04-22

OpenC3 COSMOS suffers from a path traversal vulnerability in its configuration management system. Insufficient validation of the tool and name parameters allows an attacker to write arbitrary files into the shared plugins directory, compromising system integrity.

TL;DR

A path traversal flaw in OpenC3 COSMOS allows users to overwrite arbitrary files in the /plugins directory due to unsanitized configuration filenames, potentially leading to remote code execution.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-22
  • Attack Vector: Network
  • Impact: Arbitrary File Write
  • Exploit Status: Proof of Concept Available
  • Privileges Required: System User/Admin

Affected Systems

  • OpenC3 COSMOS (Ruby implementation)
  • OpenC3 COSMOS (Python implementation)
  • OpenC3 COSMOS: < 6.10.5 (Fixed in: 6.10.5)
  • OpenC3 COSMOS: >= 7.0.0.pre.rc1, < 7.0.0-rc3 (Fixed in: 7.0.0-rc3)

Code Analysis

Commit: 9957a9f

Initial fix introducing a blacklist approach for configuration names.

Commit: e6efccb

Hardening commit replacing the blacklist with a strict regex allowlist.

Mitigation Strategies

  • Upgrade to a patched version of OpenC3 COSMOS
  • Implement strict allowlist input validation for all file and directory paths
  • Restrict network access to management APIs using firewall rules

Remediation Steps:

  1. Identify the currently installed version of OpenC3 COSMOS.
  2. Download version 6.10.5 or 7.0.0-rc3 (or later) from the official repository.
  3. Apply the update following standard deployment procedures.
  4. Review the /plugins directory for any suspicious or improperly placed files.
  5. Verify that API requests containing directory traversal sequences return an error.
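The two commits under Code Analysis describe moving from a blacklist on configuration names to a strict regex allowlist, and remediation step 5 asks operators to confirm that traversal sequences are rejected. The following Ruby block is an added example, not OpenC3 COSMOS project code, that illustrates both points: a blacklist check beside an allowlist check over a set of constructed configuration names, a path builder that refuses to leave an assumed `/plugins` base directory, and a stand-in request handler (hypothetical; not the real COSMOS API) that returns an error status for invalid `tool` or `name` values. The regex, directory name and handler shape are assumptions chosen for the illustration.

```ruby
# Added example (not OpenC3 COSMOS code): blacklist vs. allowlist validation
# of configuration names, and a check that traversal input is rejected.

# Assumed shared plugins directory named in the advisory.
PLUGINS_DIR = '/plugins'.freeze

# Blacklist approach: only rejects the one substring it knows about.
# Anything it forgets (absolute paths, NUL bytes, separators) passes through.
def blacklist_valid?(name)
  name.is_a?(String) && !name.include?('..')
end

# Allowlist approach: a configuration name must start with a letter or digit
# and may contain only letters, digits, '_', '-' and single dots.
# Because each dot must be followed by an allowed character, ".." can never
# occur, and '/', '\\' and NUL are outside the class entirely.
CONFIG_NAME_RE = /\A[A-Za-z0-9][A-Za-z0-9_\-]*(\.[A-Za-z0-9_\-]+)*\z/

def allowlist_valid?(name)
  name.is_a?(String) && name.match?(CONFIG_NAME_RE)
end

# Builds the destination path only after both components pass the allowlist,
# then re-checks that the resolved path is still inside the base directory
# (defence in depth, in case the allowlist is later loosened).
def safe_config_path(tool, name, base = PLUGINS_DIR)
  raise ArgumentError, 'invalid tool name' unless allowlist_valid?(tool)
  raise ArgumentError, 'invalid config name' unless allowlist_valid?(name)

  path = File.expand_path(File.join(tool, name), base)
  raise ArgumentError, 'path escapes plugins directory' unless path.start_with?("#{base}/")

  path
end

# Hypothetical request handler standing in for a configuration write endpoint.
# Returns [status, body]; a rejected request never reaches the filesystem.
def handle_write_request(tool, name)
  [200, safe_config_path(tool, name)]
rescue ArgumentError => e
  [400, e.message]
end

# Constructed sample inputs: legitimate names plus traversal-style values.
SAMPLE_NAMES = [
  'settings.json',
  'tool-config_v2.txt',
  '../../etc/cron.d/job',
  '/etc/passwd',
  "config\x00.json",
  'a..b',
  'sub/dir.json'
].freeze

# Evaluates every sample under both strategies so the gap between them is
# visible: names the blacklist accepts but the allowlist refuses.
def compare_strategies(names = SAMPLE_NAMES)
  names.to_h { |n| [n, { blacklist: blacklist_valid?(n), allowlist: allowlist_valid?(n) }] }
end

# Names that slip past the blacklist yet fail the allowlist.
def blacklist_misses(names = SAMPLE_NAMES)
  compare_strategies(names).select { |_, v| v[:blacklist] && !v[:allowlist] }.keys
end

if __FILE__ == $PROGRAM_NAME
  compare_strategies.each { |n, v| puts "#{n.inspect}: #{v}" }
  puts "accepted by blacklist only: #{blacklist_misses.inspect}"
  puts handle_write_request('my_tool', 'settings.json').inspect
  puts handle_write_request('../x', 'settings.json').inspect
end
```

Running the file prints, for each constructed name, whether each strategy accepts it, then the handler results. The names that the blacklist lets through but the allowlist refuses are exactly the kind of input step 5 asks operators to test against a patched deployment.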

Read the full report for GHSA-4JVX-93H3-F45H on our website for more details including interactive diagrams and full exploit analysis.
