Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
7DescriptionGitHub Advisory
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enabling directory traversal attacks that can overwrite critical system files or create files in sensitive location. This issue has been patched in version 1.69.3.
AnalysisAI
Path traversal in Evolver's skill fetch command enables arbitrary file writes via unvalidated --out= flag. Authenticated attackers can overwrite system files or create malicious files in sensitive locations (e.g., cron directories) by using directory traversal sequences like '../../../etc/cron.d'. The vulnerability exists in index.js where user-provided paths from --out= are extracted without sanitization and passed directly to fs.mkdirSync(). Patch released in version 1.69.3. EPSS data not available; no CISA KEV listing indicates no confirmed widespread exploitation.
Technical ContextAI
Evolver is a GEP-powered self-evolving AI agent engine distributed as npm package @evomap/evolver. The vulnerability is a classic CWE-22 path traversal affecting the skill download fetch command's file handling logic. In index.js lines 752-767, the code extracts the --out= flag value using outFlag.slice('--out='.length) and passes it directly to Node.js fs.mkdirSync() without path canonicalization or boundary validation. While the fallback safeId variable sanitizes skill IDs via regex replacement, this protection only applies to the default path construction, not user-supplied --out= values. The cpe:2.3:a:evomap:evolver designation confirms this is an application-layer vulnerability in the Evolver product itself, not a transitive dependency issue. The GitHub Security Advisory GHSA-r466-rxw4-3j9j provides proof-of-concept code demonstrating directory traversal to /tmp and notes potential for targeting /etc/cron.d for privilege escalation.
RemediationAI
Upgrade to Evolver version 1.69.3 or later (npm install @evomap/evolver@1.69.3), which includes input validation for the --out= flag per release notes at https://github.com/EvoMap/evolver/releases/tag/v1.69.3. If immediate upgrade is not feasible, restrict evolver CLI access to trusted users only and audit all fetch command invocations. For containerized deployments, run evolver with minimal filesystem permissions using read-only mounts except for designated skill directories. Implement mandatory code review for any automation scripts invoking evolver fetch to ensure --out= values are hardcoded or validated against an allowlist of safe paths. Monitor filesystem changes in sensitive directories (/etc, /usr, system cron directories) for unexpected writes. Note that disabling the fetch command entirely is not practical as it is core functionality; access control is the primary workaround until patching.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27007
GHSA-r466-rxw4-3j9j