PT-2026-41589 · Continue · Continue

Eric-G

Published

2026-05-17

Updated

2026-05-18

CVE-2026-8770

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions continuedev continue versions prior to 1.2.23

Description A path traversal issue exists in the JSON-RPC Server component within the lsTool() function of the core/tools/implementations/lsTool.ts file. This occurs when the dirPath argument is manipulated, allowing a local attacker to access files or directories outside the intended folder.

Recommendations Update to a version later than 1.2.22. As a temporary workaround, restrict access to the lsTool() function to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2026-8770

Affected Products

Continue

PT-2026-41589 · Continue · Continue

CVE-2026-8770

Weakness Enumeration

Related Identifiers

Affected Products

References · 9