Executive Summary

CVE-2026-29870 is a directory traversal vulnerability in the agentic-context-engine project (versions up to 0.7.1) that allows attackers to write files outside the intended checkpoint directory.

The vulnerability occurs because the save_to_file method in ace/skillbook.py does not normalize or validate filesystem paths. This allows traversal sequences like "../" to escape the designated checkpoint directory when specifying the checkpoint_dir parameter in OfflineACE.run.

As a result, an attacker who can control or influence the checkpoint_dir parameter can cause the application to write or overwrite arbitrary files accessible to the application process, breaking the intended directory boundary.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to several serious impacts depending on the deployment context.

• Unintended file writes and overwrites outside the intended checkpoint directory.
• Potential application corruption by overwriting important files.
• Overwriting sensitive configuration files such as .env files.
• Possible privilege escalation or code execution if overwritten files are later processed or imported by the application.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if files are being written outside the intended checkpoint directory due to directory traversal sequences in the checkpoint_dir parameter.

Since the vulnerability involves arbitrary file writes via path traversal, you can monitor or audit file creation and modification events outside the expected checkpoint directory.

You can use commands to find unexpected files created outside the checkpoint directory, for example:

• Use find to locate files named like ace_latest.json or ace_checkpoint_*.json outside the expected directory: find /path/to/base -type f \( -name "ace_latest.json" -o -name "ace_checkpoint_*.json" \) ! -path "/path/to/base/checkpoints/*"
• Use auditd or inotifywait to monitor file writes outside the checkpoint directory.
• Check application logs or API parameters for suspicious or unexpected values of checkpoint_dir containing traversal sequences like "../".

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include normalizing and validating the checkpoint_dir parameter to prevent directory traversal.

Specifically, ensure that the application uses path normalization methods such as Path.resolve() and enforces that the resolved path remains within the intended base directory (e.g., using is_relative_to()).

Additionally, sanitize inputs to reject traversal sequences like "../" or restrict checkpoint_dir to safe subdirectories.

If possible, update the agentic-context-engine project to a version that includes these fixes or apply patches that implement these validations.

As a temporary measure, monitor and restrict user input controlling checkpoint_dir to trusted sources only.

Useful 0 Not Useful 0

Compliance Impact

This directory traversal vulnerability allows attackers to overwrite arbitrary files accessible to the application process, potentially leading to application corruption, privilege escalation, or code execution.

Such unauthorized file writes and potential data manipulation can compromise the confidentiality, integrity, and availability of sensitive data handled by the application.

Consequently, this vulnerability could lead to non-compliance with common standards and regulations like GDPR and HIPAA, which require strict controls to protect sensitive personal and health information from unauthorized access or alteration.

Specifically, if sensitive data or configuration files are overwritten or exposed due to this vulnerability, it may result in breaches of data protection obligations mandated by these regulations.

Useful 0 Not Useful 0