CVE-2026-58173
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability Description
Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memory_type value containing path traversal sequences through the remember tool. Attackers can manipulate the memory_type parameter in the persistent memory store to cause the application to write arbitrary Markdown files to unintended locations on the filesystem.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-22
Source
NVD
Vendor
HKUDS
Product
Vibe-Trading
External References
- https://github.com/HKUDS/Vibe-Trading/pull/257
- https://github.com/HKUDS/Vibe-Trading/pull/257
- https://github.com/HKUDS/Vibe-Trading/pull/257
- https://github.com/HKUDS/Vibe-Trading/pull/257
- https://github.com/HKUDS/Vibe-Trading/releases/tag/v0.1.10
- https://www.vulncheck.com/advisories/vibe-trading-path-traversal-via-persistent-memory-type
- https://github.com/HKUDS/Vibe-Trading/pull/257
Discussion (0)
Add Comment
No comments yet. Be the first!