Skip to main content

Microsoft UFO CVE-2026-46402

HIGH
Path Traversal (CWE-22)
2026-05-27 GitHub_M
8.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
May 27, 2026 - 22:51 vuln.today
CVE Published
May 27, 2026 - 21:54 nvd
HIGH 8.1

DescriptionGitHub Advisory

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO uses the user-controlled task_name value directly when constructing session log paths. An authenticated client can supply path traversal sequences in task_name and cause UFO to create log directories and log files outside the intended logs/ directory.

AnalysisAI

Path traversal write in Microsoft UFO (build 3.0.1-4-ge2626659) lets an authenticated client smuggle directory-traversal sequences (e.g. ../) inside the user-controlled task_name value, which UFO concatenates directly into session log paths, causing it to create directories and write log files anywhere the process can reach outside the intended logs/ directory. The CVSS 8.1 (CWE-22) rating reflects high integrity and availability impact with no confidentiality loss, consistent with arbitrary file/directory creation rather than data theft. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV; the only available source is the vendor GitHub Security Advisory GHSA-whcg-fgpx-76f2.

Technical ContextAI

UFO is Microsoft's open-source framework for intelligent UI automation across devices and platforms; it orchestrates agent-driven tasks and persists per-session logs to a designated logs/ directory. The root cause is CWE-22 (Improper Limitation of a Pathname to a Restricted Directory): the task_name parameter is attacker-supplied yet is used verbatim to build the filesystem path for the session log directory and files, with no normalization or canonicalization to confine writes beneath logs/. The CPE cpe:2.3:a:microsoft:ufo:*:*:*:*:*:*:*:* identifies the affected component as the Microsoft UFO application across all listed versions, with the description pinning the observed vulnerable build to 3.0.1-4-ge2626659. Because the traversal occurs on the write/log path rather than a read path, the practical primitive is creating or appending to files in attacker-chosen locations, which can clobber existing files or seed files in sensitive directories.

RemediationAI

Patch status could not be independently confirmed: the GitHub Security Advisory GHSA-whcg-fgpx-76f2 (https://github.com/microsoft/UFO/security/advisories/GHSA-whcg-fgpx-76f2) documents the issue but no released patched version is stated in the available data, so upgrade to the fixed build identified in that advisory once confirmed. Until a fixed version is applied, the targeted compensating control is input sanitization of task_name - reject or strip path separators and traversal sequences (../, ..\, leading slashes, absolute paths) and canonicalize the resolved path, rejecting any result that does not remain beneath the intended logs/ directory; this changes nothing for legitimate alphanumeric task names but will break any workflow that intentionally relies on slashes in task names. Additionally, restrict and authenticate access to the UFO client/API surface so only trusted callers can submit tasks, and run the UFO process under a low-privilege account whose filesystem write scope is confined to limit what an out-of-bounds write can reach, accepting the operational overhead of tighter permissions.

Share

CVE-2026-46402 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy