← voltar
CVE-2026-8770

continuedev continue JSON-RPC Server lsTool.ts lsTool path traversal

CVSS 4.8 MEDIUMEPSS 0.3%CWE-22
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
Produtos afetados
continuedev · continue
PoCs públicas encontradas1
cve_referencegist.github.com/YLChen-007/da04e032993a4b2324df915f9ecf9831não verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://gist.github.com/YLChen-007/da04e032993a4b2324df915f9ecf9831https://vuldb.com/submit/811428https://vuldb.com/vuln/364395https://vuldb.com/vuln/364395/cti