DEV Community

CVE Reports
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-5GFJ-64GH-MGMW: GHSA-5gfj-64gh-mgmw: Path Traversal in AGiXT Essential Abilities Extension

#security #cve #cybersecurity #ghsa

GHSA-5gfj-64gh-mgmw: Path Traversal in AGiXT Essential Abilities Extension

Vulnerability ID: GHSA-5GFJ-64GH-MGMW
CVSS Score: 8.8
Published: 2026-04-08

A path traversal vulnerability exists in the safe_join() function of the essential_abilities extension in AGiXT prior to version 1.9.2. An authenticated attacker can exploit this flaw to read, write, or delete arbitrary files on the host system, bypassing intended agent workspace restrictions.

TL;DR

Authenticated path traversal in AGiXT < 1.9.2 allows users to escape agent workspaces and access the host filesystem, resulting in arbitrary file read, write, and delete capabilities.

⚠️ Exploit Status: POC

Technical Details

  • CWE: CWE-22 (Improper Limitation of a Pathname to a Restricted Directory)
  • Attack Vector: Network
  • CVSS Score: 8.8 (High)
  • Privileges Required: Low (Authenticated)
  • Impact: Arbitrary File Read/Write/Delete
  • Exploit Status: Proof of Concept Available

Affected Systems

  • agixt PyPI package
  • AGiXT essential_abilities extension
  • agixt: < 1.9.2 (Fixed in: 1.9.2)

Exploit Details

  • Advisory Details: Python requests script demonstrating read access to /etc/passwd via read_file command.

Mitigation Strategies

  • Upgrade the agixt package to version 1.9.2 or later.
  • Deploy Web Application Firewall (WAF) rules to block API requests containing path traversal sequences (../, ..) in JSON payloads.
  • Run the AGiXT application with the principle of least privilege, ensuring the host operating system user has restricted file access.
  • Implement network segmentation to isolate the AI agent platform from sensitive internal network zones.

Remediation Steps:

  1. Identify all deployments and virtual environments utilizing the agixt package.
  2. Execute pip install --upgrade agixt>=1.9.2 in all relevant environments.
  3. Restart the AGiXT service to ensure the patched extension is loaded into memory.
  4. Review historical HTTP logs targeting the /api/agent/*/command endpoints for indicators of past exploitation attempts.
  5. Monitor application logs for the specific PermissionError: Path traversal detected message introduced by the patch.

References

Read the full report for GHSA-5GFJ-64GH-MGMW on our website for more details including interactive diagrams and full exploit analysis.

Top comments (0)