UNKNOWN CVE-2026-5597

CVE-2026-5597: Path Traversal in griptape-ai 0.19.4

Platform: python

Component: griptape-ai

CVE-2026-5597 describes a Path Traversal vulnerability discovered in griptape-ai version 0.19.4. This flaw resides within the ComputerTool component, specifically in the file griptape\tools\computer\tool.py, allowing attackers to manipulate the 'filename' argument to access arbitrary files. The vulnerability is remotely exploitable and an exploit has been published, posing a significant risk. The vendor has not responded to early disclosure attempts.

How to fix

Update to a fixed version of griptape-ai. The path traversal vulnerability in the file tool.py allows remote code execution. Check the official griptape-ai sources for update instructions.

Frequently asked questions

What is CVE-2026-5597?

CVE-2026-5597 is a Path Traversal vulnerability affecting griptape-ai version 0.19.4. It allows an attacker to access files outside the intended directory by manipulating the filename argument within the ComputerTool component.

Am I affected by CVE-2026-5597?

You are potentially affected if you are using griptape-ai version 0.19.4. The vulnerability is remotely exploitable and an exploit is publicly available, making it a high-priority concern.

How can I fix or mitigate CVE-2026-5597?

As of now, no official patch is available for CVE-2026-5597. Mitigation strategies may include restricting file access permissions, implementing input validation on the filename parameter, and closely monitoring system logs for suspicious activity.
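
The input validation mentioned above can take the form of a containment check on the filename before any file is touched. The following is an added example, not code from griptape-ai or from this advisory: `resolve_inside`, `UnsafeFilename` and the sample filenames are hypothetical and constructed here, and it assumes the tool is meant to confine file access to a single working directory.

```python
import os
import tempfile
from pathlib import Path


class UnsafeFilename(ValueError):
    """Raised when a filename would resolve outside the allowed directory."""


def resolve_inside(base_dir, filename):
    """Return the resolved path of `filename` under `base_dir`, or raise (hypothetical helper)."""
    if not filename or "\x00" in filename:
        raise UnsafeFilename("empty filename or NUL byte")
    # Treat backslashes as separators so "..\\x" is also caught on POSIX hosts.
    normalized = filename.replace("\\", "/")
    if normalized.startswith("/") or normalized[1:2] == ":":
        raise UnsafeFilename("absolute paths and drive letters are not accepted")
    base = Path(base_dir).resolve(strict=True)
    # resolve() collapses ".." segments and follows symlinks before the check.
    candidate = (base / normalized).resolve()
    # Compare whole path components; a string prefix test would accept "work2/".
    if base not in candidate.parents:
        raise UnsafeFilename(f"{filename!r} resolves outside {base}")
    return candidate


def check_samples():
    """Classify constructed filenames against a temporary working directory."""
    samples = ["notes/report.txt", "../secret.txt", "a/../../secret.txt",
               "..\\secret.txt", "/etc/hostname", "C:\\Windows\\win.ini",
               "link.txt", "."]
    results = {}
    with tempfile.TemporaryDirectory() as root:
        work = Path(root, "work")
        work.mkdir()
        outside = Path(root, "secret.txt")
        outside.write_text("constructed sample data")
        os.symlink(outside, work / "link.txt")  # symlink leading out of work/
        for name in samples:
            try:
                resolve_inside(work, name)
                results[name] = "allowed"
            except UnsafeFilename:
                results[name] = "rejected"
    return results


if __name__ == "__main__":
    for name, verdict in check_samples().items():
        print(f"{verdict:8} {name!r}")
```

The check and the later file open are separate steps, so the caller should open the returned path rather than the original string, and the working directory should not be writable by untrusted parties.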
