CVE-2026-42075: Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in
Summary
Evolver, a GEP-powered self-evolving engine for AI agents, contained a path traversal vulnerability (a type of attack where an attacker manipulates file paths to access files outside their intended directory) in versions before 1.69.3. The vulnerability was in the skill download command's --out= flag, which did not validate user-provided file paths, allowing attackers to write files to any location on the system, potentially overwriting critical files.
Solution / Mitigation
This issue has been patched in version 1.69.3. Users should upgrade to version 1.69.3 or later.
Vulnerability Details
8.1(high)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
network
low
low
none
May 4, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-42075
First tracked: May 4, 2026 at 02:07 PM
Classified by LLM (prompt v3) · confidence: 85%