CVE-2025-27519

Name of the Vulnerable Software and Affected Versions Cognita versions (affected versions not specified)

Description A path traversal issue exists at "/v1/internal/upload-to-local-directory" when the Local environment variable is set to true, such as when Cognita is set up using Docker. This allows an attacker to overwrite the /app/backend/ init .py file. Because the Docker environment sets up the backend uvicorn server with auto-reload enabled, the overwritten file will automatically be reloaded and executed, enabling remote code execution in the context of the Docker container.

Recommendations For all affected versions, update to a version that includes the fix from commit a78bd065e05a1b30a53a3386cc02e08c317d2243 to resolve the issue. As a temporary workaround, consider disabling the auto-reload feature of the uvicorn server or restricting access to the "/v1/internal/upload-to-local-directory" endpoint until the issue is resolved.