Is there a public PoC exploit available for EUVD-2026-19130?

Yes, a public proof-of-concept exploit is available for EUVD-2026-19130. Prioritise patching immediately. EPSS: 0.0%.

Griptape EUVD-2026-19130

Q: What is the CVSS score of EUVD-2026-19130?

EUVD-2026-19130 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-5597 LOW

Path Traversal (CWE-22)

2026-04-05 VulDB

GHSA-42pc-3px2-cj2r

Path Traversal Griptape

2.1

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

2.1 LOW

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

5.3 (MEDIUM) 2.1 (LOW)

PoC Detected

Apr 07, 2026 - 13:20 vuln.today

Public exploit code

EUVD ID Assigned

Apr 05, 2026 - 21:30 euvd

EUVD-2026-19130

Analysis Generated

Apr 05, 2026 - 21:30 vuln.today

CVE Published

Apr 05, 2026 - 21:15 nvd

MEDIUM 5.3

DescriptionCVE.org

A flaw has been found in griptape-ai griptape 0.19.4. This affects an unknown part of the file griptape\tools\computer\tool.py of the component ComputerTool. Executing a manipulation of the argument filename can lead to path traversal. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AnalysisAI

Remote path traversal in griptape-ai griptape 0.19.4 ComputerTool allows authenticated attackers to manipulate the filename argument in griptape/tools/computer/tool.py, enabling unauthorized file access with read, write, and limited availability impact. Publicly available exploit code exists; the vendor has not responded to early disclosure notifications.

Unlock full vulnerability intelligence

Risk assessment & exploitation conditions
Attack chain visualization
Remediation with exact patch versions
Threat intelligence from 22 sources
Personal watchlist & email alerts

Continue with Google Continue with GitHub

Free forever · No credit card required

Vulnerability AssessmentAI

Risk Assessment	CVSS 6.3 (AV:N/AC:L/PR:L/UI:N/S:U) indicates moderate risk with network-accessible remote exploitation requiring low privileges but no user interaction. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario	An authenticated attacker with access to a griptape deployment (e.g., a low-privileged user, API consumer, or compromised legitimate account) submits a request to the ComputerTool that includes a crafted filename parameter such as ../../etc/passwd or ../../../../sensitive_config.yml. The unsanitized path traversal allows the attacker to read configuration files, API keys, or other sensitive data stored outside the intended tool directory. …
Remediation	No vendor-released patch identified at time of analysis; the vendor was contacted early but has not responded with security updates or timeline. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

EUVD-2026-19130 vulnerability details – vuln.today

Back