Skip to main content

AGL app-framework-main CVE-2026-37531

| EUVDEUVD-2026-26685 CRITICAL
Path Traversal (CWE-22)
2026-05-01 mitre
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 01, 2026 - 17:32 vuln.today
EUVD ID Assigned
May 01, 2026 - 17:00 euvd
EUVD-2026-26685
Analysis Generated
May 01, 2026 - 17:00 vuln.today
CVE Published
May 01, 2026 - 00:00 nvd
CRITICAL 9.8

DescriptionCVE.org

AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot notation directory traversal sequences it only blocks absolute paths. The zread extraction function uses openat(workdirfd, filename, O_CREAT) which resolves dot notation values relative to the work directory, allowing files to be written anywhere on the filesystem. Critically, in function install_widget in file wgtpkg-install.c, extraction via zread occurs BEFORE signature verification via check_all_signatures. Even if signature verification fails, the error cleanup (remove_workdir) only deletes the temporary work directory files written outside via path traversal persist permanently.

AnalysisAI

Remote unauthenticated arbitrary file write in AGL (Automotive Grade Linux) app-framework-main through version 17.1.12 allows attackers to achieve code execution or system compromise via malicious widget packages. A crafted ZIP archive combining path traversal (../ sequences in filenames) with a time-of-check-time-of-use race condition allows files to be written anywhere on the filesystem before signature validation occurs. Even when signature checks fail, malicious files persist outside the temporary directory. EPSS data not available; no CISA KEV listing indicates targeted rather than widespread exploitation. Public technical analysis available via GitHub Gist reference suggests proof-of-concept may exist.

Technical ContextAI

AGL app-framework-main is the application framework for Automotive Grade Linux, responsible for widget (packaged application) installation and lifecycle management. The vulnerability stems from two compounded weaknesses in wgtpkg-zip.c and wgtpkg-install.c: First, the is_valid_filename function only blocks absolute paths (starting with /) but fails to reject relative path traversal sequences like ../../etc/cron.d/malicious. Second, the zread extraction function uses openat(workdirfd, filename, O_CREAT) which resolves these dot notation sequences relative to the work directory's parent filesystem context, not sanitized within the work directory itself. The critical design flaw is architectural: install_widget extracts ZIP contents via zread BEFORE invoking check_all_signatures for cryptographic validation. This creates a TOCTOU window where an attacker can deliver a widget with traversal paths, have files extracted to system locations, then have signature validation fail - but the cleanup routine (remove_workdir) only purges the temporary directory, leaving traversal-written files permanently on disk. This combines CWE-22 (Path Traversal) with CWE-367 (Time-of-Check Time-of-Use) to bypass security controls entirely.

RemediationAI

Apply vendor-released patch when available from AGL project via Gerrit repository at https://gerrit.automotivelinux.org/gerrit/src/app-framework-main - monitor for commits addressing CVE-2026-37531. Upstream fix should reorder install_widget to perform check_all_signatures BEFORE zread extraction, implement strict path canonicalization in is_valid_filename to reject any filename containing dot-dot sequences, and ensure zread cannot write outside workdirfd context regardless of path contents. Until patched version is released, implement compensating controls: (1) Disable remote widget installation entirely if not operationally required - this eliminates network attack vector but breaks legitimate app update workflows. (2) Deploy mandatory code signing with strict certificate pinning and reject unsigned widgets at ingress - note this only prevents exploitation if signature check is moved before extraction, which requires code changes. (3) Run app-framework-main in a confined filesystem namespace or container with read-only root filesystem and ephemeral writable overlay - limits traversal impact to container scope but may break legitimate widget functionality requiring system integration. (4) Network segmentation to restrict widget installation endpoints to authenticated management VLANs only - reduces PR:N to PR:L/H but does not eliminate vulnerability. Technical analysis reference: https://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643

Share

CVE-2026-37531 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy