{"data":{"id":"c05bd4cf-4706-463d-97fb-52ea16006051","title":"CVE-2026-39981: AGiXT is a dynamic AI Agent Automation Platform. Prior to 1.9.2, the safe_join() function in the essential_abilities ext","summary":"AGiXT, a platform for automating AI agents, has a vulnerability in its safe_join() function (a tool meant to safely combine file paths) that fails to check whether file paths stay within the agent's allowed workspace. Before version 1.9.2, an authenticated attacker could use directory traversal sequences (special path tricks like '../' to navigate outside intended folders) to read, write, or delete files on the server.","solution":"Update AGiXT to version 1.9.2, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-39981","publishedAt":"2026-04-09T18:17:02.350Z","cveId":"CVE-2026-39981","cweIds":["CWE-22"],"cvssScore":"8.8","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["AGiXT"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-09T18:17:02.350Z","capecIds":["CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":["AML.T0010"]}}