CVE-2026-26396

OpenBMB · XAgent

A path traversal vulnerability in the file() function of OpenBMB XAgent allows unauthenticated attackers to read sensitive files via the "filename" parameter.

Executive summary

A path traversal vulnerability in OpenBMB XAgent v1.0.0 and earlier allows unauthenticated remote attackers to access sensitive system files.

Vulnerability

The application is vulnerable to directory traversal within XAgentServer/application/routers/workspace.py. The filename parameter is inadequately validated, allowing unauthenticated attackers to supply crafted input and traverse the directory structure to read arbitrary files.

Business impact

With a CVSS score of 7.5, this vulnerability represents a high risk of sensitive information disclosure. Attackers can leverage this to exfiltrate configuration files, credentials, or source code, which could be used as a precursor to further system compromise or data theft.

Remediation

Immediate Action: Review the OpenBMB XAgent repository for security updates and apply patches that implement strict input sanitization on the filename parameter.

Proactive Monitoring: Monitor application access logs for suspicious patterns containing directory traversal sequences (e.g., ../, ..%2f) directed at the workspace.py endpoint.

Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to block requests containing directory traversal characters or patterns in URI parameters.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Organizations running OpenBMB XAgent must treat this vulnerability with high urgency. Given the availability of a proof-of-concept, it is critical to sanitize inputs or restrict access to the affected service until an official patch is verified and applied.