Platform: nodejs
Component: agxt
Fixed in: 1.9.3
CVE-2026-39981 describes a Path Traversal vulnerability discovered in AGiXT, a dynamic AI Agent Automation Platform. This flaw allows authenticated attackers to bypass workspace restrictions and access arbitrary files on the server. The vulnerability impacts versions 1.0.0 through 1.9.1 and has been resolved in version 1.9.2.
The vulnerability lies within the safe_join() function of the essential_abilities extension, which fails to properly validate file paths. An attacker, after authentication, can craft directory traversal sequences (e.g., ../..) to navigate outside the intended agent workspace. This allows them to read sensitive configuration files, modify application data, or even delete critical system files. The potential impact extends to complete compromise of the AGiXT instance and potentially the underlying server, depending on the permissions of the AGiXT user account. While requiring authentication, the ease of exploitation makes this a significant risk, especially in environments with weak password policies or compromised user accounts.
This vulnerability was publicly disclosed on 2026-04-09. There are currently no known public proof-of-concept exploits available, but the ease of exploitation suggests that it could become a target for opportunistic attackers. The vulnerability is not currently listed on the CISA KEV catalog. The CVSS score of 8.8 (HIGH) reflects the potential for significant impact and relatively easy exploitation.
Organizations deploying AGiXT in production environments, particularly those with limited access controls or inadequate monitoring, are at significant risk. Shared hosting environments where multiple AGiXT instances reside on the same server are also vulnerable, as a compromise of one instance could potentially lead to the compromise of others.
• nodejs: Monitor AGiXT logs for unusual file access patterns or attempts to access files outside the designated workspace. Use lsof to identify processes accessing files within the workspace.
lsof /path/to/agixt/workspace
• generic web: Examine access logs for requests containing directory traversal sequences (e.g., ../..). The -F flag matches the dots literally rather than as regex wildcards; URL-encoded variants of the sequence need their own pattern.
grep -F '../..' /var/log/apache2/access.log
• generic web: Check response headers for unexpected file content or server errors related to file access.
disclosure
Exploit status
EPSS: 0.54% (68th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to immediately upgrade AGiXT to version 1.9.2 or later, which includes the necessary fix for the safe_join() function. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block requests containing directory traversal sequences like ../. Additionally, restrict the permissions of the AGiXT user account to the minimum required for its operation, limiting the potential damage from a successful exploit. Regularly review and audit file system access logs for suspicious activity. After upgrading, confirm the fix by attempting a directory traversal attack and verifying that access is denied.
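The containment check a safe_join() must perform, as an added example written for this page rather than AGiXT's own code: a naive join beside a hardened version that resolves the path and verifies it stays under the workspace. The workspace path and file names are constructed for illustration.

```python
import os
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a requested path would resolve outside the workspace."""


def naive_join(workspace: str, relative: str) -> str:
    # The weak pattern: concatenate and trust the result. '..' components are
    # kept, and an absolute `relative` makes os.path.join discard `workspace`.
    return os.path.join(workspace, relative)


def safe_join(workspace: str, relative: str) -> str:
    """Join `relative` onto `workspace`, rejecting anything that escapes it.

    Hardened example for this page; not the AGiXT implementation.
    """
    root = Path(workspace).resolve()
    # Strip leading separators so an absolute input cannot replace the root.
    candidate = (root / relative.lstrip("/\\")).resolve()
    # resolve() collapses '..' and follows symlinks, so the check below sees the
    # real target. Comparing against `parents` (not a string prefix) also keeps
    # a sibling such as "<root>2/file" from passing as inside "<root>".
    if candidate != root and root not in candidate.parents:
        raise PathTraversalError(f"{relative!r} escapes workspace {root}")
    return str(candidate)


def is_within_workspace(workspace: str, relative: str) -> bool:
    """True if `relative` stays inside `workspace` under safe_join()."""
    try:
        safe_join(workspace, relative)
        return True
    except PathTraversalError:
        return False
```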
Upgrade AGiXT to version 1.9.2 or later to mitigate the directory traversal vulnerability. This update corrects the faulty validation of file paths, preventing attackers from accessing arbitrary files on the server.
CVE-2026-39981 is a Path Traversal vulnerability in AGiXT versions 1.0.0 through 1.9.1, allowing authenticated attackers to access arbitrary files on the server.
You are affected if you are running AGiXT versions 1.0.0 through 1.9.1. Upgrade to 1.9.2 to resolve the issue.
Upgrade AGiXT to version 1.9.2. As a temporary workaround, restrict access to the agent workspace and monitor file system activity.
No active exploitation has been confirmed, but the vulnerability's nature suggests it is likely to be targeted.
Refer to the AGiXT security advisories on their official website or GitHub repository for the latest information.