CVE-2026-7214

Name of the Vulnerable Software and Affected Versions eghuzefa engineer-your-data versions prior to 0.1.4

Description A path traversal issue exists in the src/server.py file. The manipulation of the WORKSPACE PATH argument within the read file(), write file(), list files(), and file inf() functions allows a remote attacker to access or modify files outside the intended directory. Path traversal is a technique that allows an attacker to read or write files on the server by manipulating file paths using special sequences like dot-dot-slash (../).

Recommendations As a temporary workaround, restrict access to the read file(), write file(), list files(), and file inf() functions or avoid using the WORKSPACE PATH argument until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.