CVE-2026-58170 | HKUDS Vibe-Trading up to 0.1.9 File Upload Endpoint commit.py path traversal
A vulnerability described as critical has been identified in HKUDS Vibe-Trading up to 0.1.9. Affected is an unknown function of the file agent/src/live/mandate/commit.py of the component File Upload Endpoint. Executing a manipulation can lead to path traversal.
This vulnerability is registered as CVE-2026-58170. It is possible to launch the attack remotely. No exploit is available.
Upgrading the affected component is recommended.VulDB Recent EntriesRead More