Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L
Lifecycle Timeline
3DescriptionCVE.org
A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpoint_dir parameter in OfflineACE.run. The save_to_file method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to escape the intended checkpoint directory. This vulnerability allows attackers to overwrite arbitrary files accessible to the application process, potentially leading to application corruption, privilege escalation, or code execution depending on the deployment context.
AnalysisAI
Directory traversal in agentic-context-engine up to version 0.7.1 enables arbitrary file writes through the checkpoint_dir parameter in OfflineACE.run, exploiting inadequate path normalization in the save_to_file method. Unauthenticated attackers can overwrite arbitrary files within the application process's permissions scope, potentially achieving code execution, privilege escalation, or application compromise depending on deployment context and file system layout.
Technical ContextAI
The vulnerability exists in the ace/skillbook.py module's save_to_file method, which processes user-supplied checkpoint_dir parameters without canonicalizing or validating filesystem paths. The root cause is improper input validation (CWE-22: Improper Limitation of a Pathname to a Restricted Directory) that fails to prevent directory traversal sequences (e.g., '../', '..\') from escaping the intended checkpoint directory boundary. This is a classic path traversal flaw where relative path components are not resolved to their canonical absolute forms before file operations. The affected product, agentic-context-engine, appears to be a Python-based framework for autonomous agents; CPE data is incomplete in available intelligence, indicating either a private/internal project or missing MITRE registration metadata.
RemediationAI
Upgrade agentic-context-engine to a version released after 0.7.1 that includes path validation fixes. Immediate mitigations include: (1) normalize all checkpoint_dir input using os.path.abspath() or pathlib.Path.resolve() to convert relative paths to absolute form, then verify the resolved path remains within the intended checkpoint directory using os.path.commonpath() or similar; (2) restrict checkpoint_dir to a whitelist of allowed directories or enforce strict directory naming conventions without path separators; (3) run the application with minimal filesystem permissions (principle of least privilege) to limit the blast radius of file overwrites. Contact the agentic-context-engine maintainers or monitor the GitHub repository (https://github.com/lilmingwa13/security-research/blob/main/CVE-2026-29870.md) for a patched release.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-17419
GHSA-7gc4-v478-jrmv