Skip to main content

RAGapp CVE-2026-13509

| EUVDEUVD-2026-40006 LOW
Path Traversal (CWE-22)
2026-06-28 cna@vuldb.com GHSA-284m-435q-x4gm
2.1
CVSS 4.0 · Vendor: vuldb

Severity by source

Vendor (vuldb) PRIMARY
2.1 LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.3 MEDIUM

Network-accessible API requires low-privilege authentication; path traversal yields limited read, write, and delete access, no scope change beyond the application process.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (vuldb).

CVSS VectorVendor: vuldb

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Source Code Evidence Fetched
Jun 28, 2026 - 22:31 vuln.today
Analysis Generated
Jun 28, 2026 - 22:31 vuln.today

DescriptionCVE.org

A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.upload_file/FileHandler.remove_file of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. Such manipulation leads to path traversal. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance.

AnalysisAI

Path traversal in RAGapp's Knowledge File Handler (versions up to 0.1.5) allows authenticated low-privilege users to read, write, or delete files outside the intended data/ directory by supplying crafted filenames containing sequences such as '../' to the upload or remove file API endpoints. The vulnerability exists in the FileHandler.upload_file and FileHandler.remove_file functions in src/ragapp/backend/controllers/files.py, where client-supplied filenames were interpolated directly into file paths without sanitization. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege RAGapp credentials
Exploit
Send crafted multipart upload or DELETE request with traversal filename
Execution
Application constructs unsanitized path outside data/
Impact
Read, overwrite, or delete target file on host filesystem

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid authenticated session with low-privilege access to the RAGapp management API - PR:L per CVSS 4.0 vector confirms authentication is required but no elevated admin role is necessary. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base vector (AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N) with threat metric E:P yields a score of 2.1, reflecting limited CIA impact and a low-privilege authentication requirement. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated RAGapp user with low-privilege access crafts a multipart file upload HTTP request where the filename field contains a path traversal sequence such as '../../app_config.env', targeting the /management/files upload endpoint. The server, running vulnerable code that constructs the path as f'data/{file_name}', writes the uploaded content to the application root or parent directory rather than the intended data/ subdirectory. …
Remediation No vendor-released patched version is available at time of analysis - the fix exists only as unmerged PR #294 at https://github.com/ragapp/ragapp/pull/294, which awaits acceptance. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-13509 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy