CVE-2026-58170 | HKUDS Vibe-Trading up to 0.1.9 File Upload Endpoint commit.py path traversal

SecurityVulns

A vulnerability described as critical has been identified in HKUDS Vibe-Trading up to 0.1.9. Affected is an unknown function of the file agent/src/live/mandate/commit.py of the component File Upload Endpoint. Executing a manipulation can lead to path traversal.

This vulnerability is registered as CVE-2026-58170. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is recommended.VulDB Recent EntriesRead More