CVE-2026-6855

Name of the Vulnerable Software and Affected Versions InstructLab (affected versions not specified)

Description A path traversal flaw exists in the chat session handler. A local attacker can manipulate the logs dir parameter to create new directories and write files to arbitrary locations on the system, which may result in unauthorized data modification or disclosure. Path traversal is a technique that allows an attacker to access files and directories that are stored outside the web root folder by manipulating variables or parameters that are used to build a file path.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.