Vibe Trading
Monthly
Path traversal in Vibe-Trading before version 0.1.10 allows low-privileged authenticated network attackers to write arbitrary Markdown files outside the application's intended memory root directory. The `remember` tool fails to sanitize the `memory_type` parameter before constructing filesystem paths, enabling traversal sequences to escape the memory root and land files at attacker-controlled locations on the server. No public exploit or CISA KEV listing has been identified, but the high integrity impact and low attack complexity make patching urgent for any internet-exposed deployment.
Path traversal in Vibe-Trading's swarm run directory handler allows low-privileged network attackers to read and overwrite arbitrary run.json files on the host filesystem. All releases before 0.1.10 are affected via the MCP swarm tools interface, where a crafted run identifier is passed to the run_dir function in agent/src/swarm/store.py without sanitization, enabling directory escape. No public exploit is identified at time of analysis and the vulnerability is not in the CISA KEV catalog; a vendor-released patch is available as v0.1.10.
Trading mandate forgery in HKUDS Vibe-Trading before 0.1.10 lets an admitted (low-privileged) caller supply a proposal identifier containing path traversal sequences so the application loads an attacker-controlled JSON file as an authoritative live trading mandate. Because ceiling/limit validation is skipped when ceilings are absent, the attacker fully controls the committed mandate, enabling unauthorized live trades. A vendor patch exists and the issue was reported by VulnCheck, but there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Remote code execution in HKUDS Vibe-Trading before 0.1.10 is reachable via a DNS-rebinding attack against its local API server, which trusts the TCP peer address to waive the API_AUTH_KEY bearer-token check for loopback clients, performs no Host-header validation, and binds to 0.0.0.0 with credentialed CORS by default. Because loopback requests also auto-enable shell tools, a malicious web page visited by the victim can issue authenticated POST /swarm/runs calls with a built-in preset that permits the bash tool, executing arbitrary commands as the API process user and also overwriting LLM and data-source settings to redirect provider traffic and exfiltrate credentials. No CISA KEV listing or EPSS score was provided and no public exploit identified at time of analysis, though the issue was reported by VulnCheck.
Path traversal in Vibe-Trading before version 0.1.10 allows low-privileged authenticated network attackers to write arbitrary Markdown files outside the application's intended memory root directory. The `remember` tool fails to sanitize the `memory_type` parameter before constructing filesystem paths, enabling traversal sequences to escape the memory root and land files at attacker-controlled locations on the server. No public exploit or CISA KEV listing has been identified, but the high integrity impact and low attack complexity make patching urgent for any internet-exposed deployment.
Path traversal in Vibe-Trading's swarm run directory handler allows low-privileged network attackers to read and overwrite arbitrary run.json files on the host filesystem. All releases before 0.1.10 are affected via the MCP swarm tools interface, where a crafted run identifier is passed to the run_dir function in agent/src/swarm/store.py without sanitization, enabling directory escape. No public exploit is identified at time of analysis and the vulnerability is not in the CISA KEV catalog; a vendor-released patch is available as v0.1.10.
Trading mandate forgery in HKUDS Vibe-Trading before 0.1.10 lets an admitted (low-privileged) caller supply a proposal identifier containing path traversal sequences so the application loads an attacker-controlled JSON file as an authoritative live trading mandate. Because ceiling/limit validation is skipped when ceilings are absent, the attacker fully controls the committed mandate, enabling unauthorized live trades. A vendor patch exists and the issue was reported by VulnCheck, but there is no public exploit identified at time of analysis and it is not listed in CISA KEV.
Remote code execution in HKUDS Vibe-Trading before 0.1.10 is reachable via a DNS-rebinding attack against its local API server, which trusts the TCP peer address to waive the API_AUTH_KEY bearer-token check for loopback clients, performs no Host-header validation, and binds to 0.0.0.0 with credentialed CORS by default. Because loopback requests also auto-enable shell tools, a malicious web page visited by the victim can issue authenticated POST /swarm/runs calls with a built-in preset that permits the bash tool, executing arbitrary commands as the API process user and also overwriting LLM and data-source settings to redirect provider traffic and exfiltrate credentials. No CISA KEV listing or EPSS score was provided and no public exploit identified at time of analysis, though the issue was reported by VulnCheck.