Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
A vulnerability was detected in Kilo-Org kilocode up to 7.0.47. This vulnerability affects the function Bun.file of the file packages/opencode/src/kilocode/review/worktree-diff.ts of the component File Diff API Endpoint. Performing a manipulation of the argument File results in path traversal. It is possible to initiate the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AnalysisAI
Path traversal in Kilo-Org kilocode's File Diff API Endpoint allows authenticated remote attackers to read arbitrary files outside intended directories. Affecting versions up to 7.0.47, the vulnerability exploits insufficient validation of file path arguments in the Bun.file function within the worktree-diff component. Public exploit code exists (EPSS probability and KEV status not provided), and the vendor has not responded to disclosure attempts, leaving users without vendor-confirmed remediation guidance.
Technical ContextAI
The vulnerability resides in the worktree-diff.ts module of kilocode's opencode package, specifically in how the File Diff API Endpoint processes file path parameters passed to Bun.file. Bun.file is a filesystem API from the Bun JavaScript runtime used to read file contents. The CWE-22 classification indicates classic path traversal - the application fails to properly sanitize or validate user-supplied file paths, allowing directory traversal sequences like '../' to escape the intended working directory. The CPE identifier cpe:2.3:a:kilo-org:kilocode indicates this affects the kilocode application from vendor kilo-org across all platforms. Code review functionality often requires diffing files from version control worktrees, creating a natural attack surface if path inputs aren't constrained to repository boundaries.
RemediationAI
No vendor-released patch or fixed version has been confirmed as Kilo-Org has not responded to vulnerability disclosure. Organizations using kilocode 7.0.47 or earlier should implement immediate compensating controls. First, restrict access to the File Diff API Endpoint to only highly trusted authenticated users through network segmentation or authentication policy tightening - reduces attack surface but limits code review functionality for broader teams. Second, deploy Web Application Firewall (WAF) rules or reverse proxy filters to detect and block requests containing directory traversal patterns (../, ..\ , URL-encoded variants) in file path parameters to the affected endpoint - effective against unsophisticated attacks but bypassable with encoding tricks or canonicalization issues. Third, apply filesystem-level access controls to limit the kilocode process's read permissions to only repository directories - contains blast radius but may break legitimate functionality if the application requires broader filesystem access. Fourth, monitor authentication logs and API access patterns for unusual file access requests, particularly those targeting sensitive paths like /etc/passwd, .env files, or configuration directories - provides detection but not prevention. Consider migrating to alternative code review platforms with active vendor security support given Kilo-Org's non-responsiveness. Before applying mitigations, test in non-production environments as path restrictions may break legitimate diff operations across repository boundaries. Consult VulDB entry https://vuldb.com/vuln/364390 and community resources for updates on unofficial patches or forks addressing this issue.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30709
GHSA-mwv7-rw63-qfm9