{"data":{"id":"8dd8c966-e9d2-4632-9116-2e827c93a373","title":"CVE-2026-59807: Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and ex","summary":"Composio SDK versions before 0.2.32-beta.283 have a path validation bypass vulnerability (a security flaw where file path checks are missing) that allows attackers to read and steal sensitive files like SSH private keys. Attackers can exploit prompt injection (tricking an AI by hiding instructions in its input) to manipulate file upload parameters and cause the CLI to send credential files to attacker-controlled storage.","solution":"Update Composio SDK to version 0.2.32-beta.283 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-59807","publishedAt":"2026-07-08T20:16:57.123Z","cveId":"CVE-2026-59807","cweIds":["CWE-73"],"cvssScore":"6.8","cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection","data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Composio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N","attackVector":"network","attackComplexity":"high","privilegesRequired":"none","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-07-08T20:16:57.123Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0051"]}}