CVE-2026-3954
Received Received - Intake
Path Traversal in OpenBMB XAgent Workspace Allows Remote Exploitation

Publication date: 2026-03-11

Last updated on: 2026-04-29

Assigner: VulDB

Description
A weakness has been identified in OpenBMB XAgent 1.0.0. Affected by this vulnerability is the function workspace of the file XAgentServer/application/routers/workspace.py. This manipulation of the argument file_name causes path traversal. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-14
NVD
CVE-2026-3954
EUVD
EUVD-2026-11348
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
openbmb xagent 1.0.0
openbmb xagent to 1.0.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-3954 is a path traversal vulnerability in OpenBMB XAgent version 1.0.0, specifically in the workspace function of the file XAgentServer/application/routers/workspace.py.

The vulnerability occurs because the application does not properly sanitize the file_name parameter obtained from user input before using it to access files. This allows an attacker to craft malicious file paths containing directory traversal sequences (like ../../) to access files outside the intended workspace directory.

Exploitation can be done remotely without authentication by sending specially crafted requests to the /workspace/file endpoint, which results in arbitrary file reads on the server filesystem.

The vulnerability enables attackers to read sensitive files such as system files (/etc/passwd, /etc/shadow), application source code, database credentials, session secrets, and API keys.

Additionally, the container runs as root and default credentials are enabled, increasing the risk and ease of exploitation.

Impact Analysis

[{'type': 'paragraph', 'content': 'This vulnerability allows remote attackers to read arbitrary files on the server hosting OpenBMB XAgent, potentially exposing highly sensitive information.'}, {'type': 'list_item', 'content': 'Exposure of system files such as /etc/passwd and /etc/shadow.'}, {'type': 'list_item', 'content': 'Leakage of database credentials including MySQL root user and Redis passwords.'}, {'type': 'list_item', 'content': "Access to all users' interaction data and workspace files."}, {'type': 'list_item', 'content': 'Disclosure of application source code, JWT/session secrets, and API keys.'}, {'type': 'paragraph', 'content': 'Because the container runs as root and default credentials are enabled, attackers can exploit this vulnerability immediately after deployment, increasing the risk of full system compromise.'}] [1, 3]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability can be detected by attempting to exploit the path traversal flaw in the affected endpoints and observing if arbitrary files outside the intended directory can be accessed or manipulated.'}, {'type': 'paragraph', 'content': 'For the OpenBMB XAgent workspace path traversal, detection involves sending a crafted POST request to the `/workspace/file` endpoint with a malicious `file_name` parameter containing directory traversal sequences (e.g., `../../../../../../../etc/passwd`). If the contents of sensitive files like `/etc/passwd` are returned, the vulnerability is present.'}, {'type': 'paragraph', 'content': 'For the ToolServerNode component, detection involves sending a multipart file upload request to the `/upload_file` endpoint with a filename containing traversal sequences (e.g., `../../tmp/pwned`). If the file is written outside the intended workspace directory (e.g., `/tmp/pwned`), the vulnerability exists.'}, {'type': 'paragraph', 'content': 'Suggested commands for detection include using curl to send crafted requests:'}, {'type': 'list_item', 'content': 'Detect workspace path traversal (file read):\ncurl -X POST http://<target>/workspace/file -d "file_name=../../../../../../etc/passwd"'}, {'type': 'list_item', 'content': 'Detect ToolServerNode path traversal (file write):\ncurl -X POST http://<target>/upload_file -F "file=@testfile;filename=../../tmp/pwned"'}, {'type': 'paragraph', 'content': 'Additionally, checking for default credentials (guest/xagent) on the GUI (port 5173) may allow access to the system for further testing.'}] [1, 4]

Mitigation Strategies

Currently, no patches or fixes are available for this vulnerability as the project maintainers have not responded to the issue.

Immediate mitigation steps include:

  • Restrict network access to the affected services, especially the `/workspace/file` and `/upload_file` endpoints, to trusted users only.
  • Change or disable default credentials (guest/xagent) to prevent unauthorized access.
  • Deploy network-level protections such as Web Application Firewalls (WAFs) to detect and block path traversal payloads containing sequences like `../`.
  • Consider running the affected containers with reduced privileges instead of root to limit the impact of exploitation.
  • Monitor logs and network traffic for suspicious requests attempting directory traversal.

Long-term mitigation involves replacing the vulnerable component with an alternative product or waiting for an official patch from the vendor.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3954. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart