Stats Digest Feeds
← Back to all CVEs

CVE-2026-26396

HIGH NVD
CVSS Score 7.5
Severity HIGH
Published Jul 13, 2026
Vendor unknown

Description

OpenBMB XAgent v1.0.0 and before is vulnerable to path traversal in the file() function in XAgent/XAgentServer/application/routers/workspace.py. The input parameter “filename” is user-controllable and is concatenated into the file path to be read without proper validation, leading to a directory traversal vulnerability that may result in sensitive information disclosure.

References