CVE-2026-26396 | OpenBMB XAgent up to 1.0.0 Workspace workspace.py file filename path traversal

SecurityVulns

A vulnerability categorized as problematic has been discovered in OpenBMB XAgent up to 1.0.0. Affected by this issue is the function File of the file XAgent/XAgentServer/application/routers/workspace.py of the component Workspace. Executing a manipulation of the argument filename can lead to path traversal.

This vulnerability appears as CVE-2026-26396. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More