Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
C:L assigned over vendor's C:N because description explicitly confirms arbitrary run.json reads; all other metrics align with the provided vector.
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in run_dir (agent/src/swarm/store.py). A crafted run identifier supplied through the MCP swarm tools causes the application to read arbitrary run.json files outside the runs directory and to overwrite existing run.json files at traversed locations.
AnalysisAI
Path traversal in Vibe-Trading's swarm run directory handler allows low-privileged network attackers to read and overwrite arbitrary run.json files on the host filesystem. All releases before 0.1.10 are affected via the MCP swarm tools interface, where a crafted run identifier is passed to the run_dir function in agent/src/swarm/store.py without sanitization, enabling directory escape. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must have low-privilege authenticated access to the MCP swarm tools interface (consistent with CVSS PR:L), meaning unauthenticated exploitation is not possible. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-assigned CVSS 3.1 score of 4.2 (Medium) reflects a network-accessible but high-complexity attack (AV:N/AC:H) requiring low-privilege authentication (PR:L) with unchanged scope (S:U). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated low-privileged user of a shared Vibe-Trading deployment submits a swarm run identifier containing path traversal sequences (e.g., '../../other-user/sensitive') through the MCP swarm tools API. The run_dir function in agent/src/swarm/store.py joins this value onto the base runs directory without canonicalization, resolving a path outside the intended directory. … |
| Remediation | Upgrade to Vibe-Trading v0.1.10 or later, which resolves the path traversal via the patch committed at https://github.com/HKUDS/Vibe-Trading/commit/f45fd85392f07b5e404e41d4fcb0ef0d6c2f87ab (merged via PR #258, https://github.com/HKUDS/Vibe-Trading/pull/258). … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Vibe Trading
View allRemote code execution in HKUDS Vibe-Trading before 0.1.10 is reachable via a DNS-rebinding attack against its local API
Trading mandate forgery in HKUDS Vibe-Trading before 0.1.10 lets an admitted (low-privileged) caller supply a proposal i
Path traversal in Vibe-Trading before version 0.1.10 allows low-privileged authenticated network attackers to write arbi
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40352
GHSA-mjrq-xg2m-qg94