Platform
python
Component
deerflow
Fixed in
2176b2bbfccfce25ceee08318813f96d843a13fd
CVE-2026-40518 is a Path Traversal vulnerability discovered in ByteDance's DeerFlow, a Python-based component. This flaw allows attackers to bypass agent name validation during custom-agent creation in bootstrap mode, enabling them to write files outside the intended directory. Affected versions are those prior to commit 2176b2bbfccfce25ceee08318813f96d843a13fd; upgrading to this commit resolves the issue.
The core of this vulnerability lies in the inadequate validation of agent names when creating custom agents in DeerFlow's bootstrap mode. Attackers can craft malicious agent names containing path traversal sequences (e.g., ../..) or absolute paths. This bypasses the intended directory restriction, allowing them to write files to arbitrary locations on the system. The potential impact is significant, ranging from data corruption and denial of service to complete system compromise, depending on the filesystem permissions of the DeerFlow process. Successful exploitation could allow an attacker to execute arbitrary code or steal sensitive data.
This vulnerability was publicly disclosed on 2026-04-17. There is currently no indication of active exploitation campaigns targeting CVE-2026-40518. The vulnerability is not currently listed on CISA KEV. Public proof-of-concept code is not yet available, but the vulnerability's nature makes it likely that such code will emerge.
Exploit Status
EPSS
0.03% (9% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-40518 is to immediately upgrade DeerFlow to version 2176b2bbfccfce25ceee08318813f96d843a13fd, which includes the necessary fix. If upgrading is not immediately feasible, consider implementing stricter input validation on agent names within your DeerFlow configuration. While a WAF or proxy cannot directly prevent this vulnerability, they can be configured to monitor for suspicious file write attempts based on known path traversal patterns. Review and restrict filesystem permissions for the DeerFlow process to minimize the potential damage from successful exploitation. After upgrading, confirm the fix by attempting to create a custom agent with a malicious agent name containing path traversal sequences; the creation should fail with an appropriate error.
Actualice DeerFlow a la versión que incluya el commit 2176b2bbfccfce25ceee08318813f96d843a13fd o posterior. Esta corrección aborda la validación de nombres de agentes en el modo de arranque, previniendo la posibilidad de escritura arbitraria de archivos.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-40518 is a Path Traversal vulnerability in ByteDance's DeerFlow component, allowing attackers to write files outside the intended directory.
You are affected if you are using DeerFlow versions 0.0.0–2176b2bbfccfce25ceee08318813f96d843a13fd and have bootstrap-mode custom-agent creation enabled.
Upgrade DeerFlow to version 2176b2bbfccfce25ceee08318813f96d843a13fd. Implement stricter input validation as a temporary workaround.
There is currently no indication of active exploitation campaigns targeting CVE-2026-40518.
Refer to ByteDance's security advisories or DeerFlow's official documentation for updates and information regarding CVE-2026-40518.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.