PT-2026-53924 · Hkuds · Vibe-Trading
Published
2026-06-30
·
Updated
2026-06-30
·
CVE-2026-58173
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
Vibe-Trading before 0.1.10 contains a path traversal vulnerability that allows attackers to write files outside the intended memory root directory by supplying a malicious memory type value containing path traversal sequences through the remember tool. Attackers can manipulate the memory type parameter in the persistent memory store to cause the application to write arbitrary Markdown files to unintended locations on the filesystem.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vibe-Trading