CVE-2026-8770

continuedev continue JSON-RPC Server lsTool.ts lsTool path traversal

CVSS 4.8 MEDIUMEPSS 0.3%CWE-22

A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Productos afectados

continuedev · continue

PoCs públicas encontradas — 1

cve_referencegist.github.com/YLChen-007/da04e032993a4b2324df915f9ecf9831no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://gist.github.com/YLChen-007/da04e032993a4b2324df915f9ecf9831 https://vuldb.com/submit/811428 https://vuldb.com/vuln/364395 https://vuldb.com/vuln/364395/cti