CVE-2026-8770

continuedev continue JSON-RPC Server lsTool.ts lsTool path traversal

CVSS 4.8 MEDIUMEPSS 0.3%CWE-22

A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Affected products

continuedev · continue

public PoCs found — 1

cve_referencegist.github.com/YLChen-007/da04e032993a4b2324df915f9ecf9831unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://gist.github.com/YLChen-007/da04e032993a4b2324df915f9ecf9831 https://vuldb.com/submit/811428 https://vuldb.com/vuln/364395 https://vuldb.com/vuln/364395/cti