ByteDance DeerFlow 路径遍历和引导模式下的任意文件写入漏洞

该路径遍历漏洞允许攻击者通过构造恶意代理名称，在 DeerFlow 系统中写入任意文件。攻击者可以利用此漏洞覆盖关键配置文件、执行恶意代码或篡改数据，从而完全控制受影响的系统。由于 DeerFlow 经常用于自动化和数据处理任务，因此该漏洞可能导致敏感信息泄露、系统中断或恶意软件传播。攻击者可能利用此漏洞进行横向移动，进一步渗透到网络中。如果 DeerFlow 部署在共享主机环境中，则多个用户都可能受到影响。

Organizations utilizing DeerFlow in their data processing pipelines, particularly those with bootstrap-mode custom-agent creation enabled, are at risk. Environments with less restrictive filesystem permissions for the DeerFlow process are especially vulnerable, as an attacker could leverage this vulnerability to gain broader system access. Users relying on DeerFlow for sensitive data processing should prioritize patching.

• python: Monitor DeerFlow process for unexpected file creation or modification outside of the intended custom-agent directory. Use os.walk() to recursively scan directories and identify suspicious files. • generic web: Examine DeerFlow logs for requests containing path traversal sequences in the agent name parameter. Use grep to search for patterns like ../ or absolute paths. • linux / server: Use lsof to identify processes accessing files outside the expected DeerFlow directory. lsof | grep deerflow

1. 2026-04-17Disclosure

   disclosure

1. 已保留2026-04-13
2. 发布日期2026-04-17
3. EPSS 更新日期2026-04-25

缓解此漏洞的首要措施是立即升级 DeerFlow 至修复版本 2176b2bbfccfce25ceee08318813f96d843a13fd。如果无法立即升级，可以考虑以下临时缓解措施：限制 DeerFlow 进程的权限，使其只能访问必要的目录；实施严格的输入验证，过滤掉包含路径遍历字符的代理名称；使用 Web 应用防火墙 (WAF) 或代理服务器来检测和阻止恶意请求。在升级后，请验证代理创建功能是否正常工作，并检查系统文件是否被篡改。