Skip to main content

OfflineACE.run. The CVE-2026-29870

| EUVDEUVD-2026-17419 HIGH
Path Traversal (CWE-22)
2026-03-31 mitre GHSA-7gc4-v478-jrmv
7.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.6 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Mar 31, 2026 - 15:01 euvd
EUVD-2026-17419
Analysis Generated
Mar 31, 2026 - 15:01 vuln.today
CVE Published
Mar 31, 2026 - 00:00 nvd
HIGH 7.6

DescriptionCVE.org

A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpoint_dir parameter in OfflineACE.run. The save_to_file method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to escape the intended checkpoint directory. This vulnerability allows attackers to overwrite arbitrary files accessible to the application process, potentially leading to application corruption, privilege escalation, or code execution depending on the deployment context.

AnalysisAI

Directory traversal in agentic-context-engine up to version 0.7.1 enables arbitrary file writes through the checkpoint_dir parameter in OfflineACE.run, exploiting inadequate path normalization in the save_to_file method. Unauthenticated attackers can overwrite arbitrary files within the application process's permissions scope, potentially achieving code execution, privilege escalation, or application compromise depending on deployment context and file system layout.

Technical ContextAI

The vulnerability exists in the ace/skillbook.py module's save_to_file method, which processes user-supplied checkpoint_dir parameters without canonicalizing or validating filesystem paths. The root cause is improper input validation (CWE-22: Improper Limitation of a Pathname to a Restricted Directory) that fails to prevent directory traversal sequences (e.g., '../', '..\') from escaping the intended checkpoint directory boundary. This is a classic path traversal flaw where relative path components are not resolved to their canonical absolute forms before file operations. The affected product, agentic-context-engine, appears to be a Python-based framework for autonomous agents; CPE data is incomplete in available intelligence, indicating either a private/internal project or missing MITRE registration metadata.

RemediationAI

Upgrade agentic-context-engine to a version released after 0.7.1 that includes path validation fixes. Immediate mitigations include: (1) normalize all checkpoint_dir input using os.path.abspath() or pathlib.Path.resolve() to convert relative paths to absolute form, then verify the resolved path remains within the intended checkpoint directory using os.path.commonpath() or similar; (2) restrict checkpoint_dir to a whitelist of allowed directories or enforce strict directory naming conventions without path separators; (3) run the application with minimal filesystem permissions (principle of least privilege) to limit the blast radius of file overwrites. Contact the agentic-context-engine maintainers or monitor the GitHub repository (https://github.com/lilmingwa13/security-research/blob/main/CVE-2026-29870.md) for a patched release.

Share

CVE-2026-29870 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy