GHSA-C795-2G9C-J48M: GHSA-C795-2G9C-J48M: Remote Path Traversal and Arbitrary File Write in EverOS Memory Ingestion

#security #cve #cybersecurity #ghsa

GHSA-C795-2G9C-J48M: Remote Path Traversal and Arbitrary File Write in EverOS Memory Ingestion

Vulnerability ID: GHSA-C795-2G9C-J48M
CVSS Score: 8.2
Published: 2026-06-19

EverOS versions 1.0.0 and earlier contain a path traversal vulnerability in the user memory ingestion endpoint. By exploiting this flaw, unauthenticated network attackers can escape the designated database memory root and write arbitrary Markdown files to target directories on the local system.

TL;DR

Unauthenticated path traversal via the sender_id parameter in EverOS allows remote attackers to write arbitrary Markdown files outside the memory root, potentially leading to local system file corruption or application disruption.

Technical Details

CWE ID: CWE-22
Attack Vector: Network
CVSS v3.1: 8.2 (High)
Impact: Arbitrary File Write / Overwrite
Exploit Status: None
KEV Status: Not Listed

Affected Systems

EverOS (PyPI Package: everos) deployments
everos: <= 1.0.0 (Fixed in: 1.0.1)

Mitigation Strategies

Upgrade the EverOS PyPI package to version 1.0.1 or higher immediately.
Execute the application server using a low-privilege service account to restrict filesystem write access.
Implement a reverse proxy or Web Application Firewall rule to inspect and block payload strings containing parent-directory traversal patterns.

Remediation Steps:

Identify all server instances running the EverOS python library.
Execute the pip upgrade package command: pip install --upgrade everos>=1.0.1.
Restart the EverOS server service to ensure the new validation layers take effect.
Audit application server execution logs to verify that the daemon is not running with administrative privileges.