CVE-2026-29870

Name of the Vulnerable Software and Affected Versions agentic-context-engine versions up to 0.7.1

Description A directory traversal issue exists in the agentic-context-engine project. The checkpoint dir parameter within OfflineACE.run is susceptible to manipulation. The save to file method, located in ace/skillbook.py, does not properly sanitize or validate file system paths, enabling attackers to use traversal sequences to bypass the intended checkpoint directory. Successful exploitation could allow overwriting arbitrary files accessible to the application process, potentially resulting in application corruption, privilege escalation, or code execution. The vulnerable parameter is checkpoint dir.

Recommendations Versions prior to 0.7.1 should be updated.