CVE-2026-59807: Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and ex
Summary
Composio SDK versions before 0.2.32-beta.283 have a path validation bypass vulnerability (a security flaw where file path checks are missing) that allows attackers to read and steal sensitive files like SSH private keys. Attackers can exploit prompt injection (tricking an AI by hiding instructions in its input) to manipulate file upload parameters and cause the CLI to send credential files to attacker-controlled storage.
Solution / Mitigation
Update Composio SDK to version 0.2.32-beta.283 or later.
Vulnerability Details
6.8(medium)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
network
high
none
none
July 8, 2026
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-59807
First tracked: July 8, 2026 at 08:07 PM
Classified by LLM (prompt v3) · confidence: 85%