CVE-2026-3954
Path Traversal in OpenBMB XAgent Workspace Allows Remote Exploitation
Publication date: 2026-03-11
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openbmb | xagent | 1.0.0 |
| openbmb | xagent | to 1.0.0 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3954 is a path traversal vulnerability in OpenBMB XAgent version 1.0.0, specifically in the workspace function of the file XAgentServer/application/routers/workspace.py.
The vulnerability occurs because the application does not properly sanitize the file_name parameter obtained from user input before using it to access files. This allows an attacker to craft malicious file paths containing directory traversal sequences (like ../../) to access files outside the intended workspace directory.
Exploitation can be done remotely without authentication by sending specially crafted requests to the /workspace/file endpoint, which results in arbitrary file reads on the server filesystem.
The vulnerability enables attackers to read sensitive files such as system files (/etc/passwd, /etc/shadow), application source code, database credentials, session secrets, and API keys.
Additionally, the container runs as root and default credentials are enabled, increasing the risk and ease of exploitation.
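The containment check this weakness calls for, shown beside the unchecked join, as an added example that is not code from XAgent or from this page. The function names, the temporary workspace layout and the sample inputs are assumptions constructed for illustration; the example also covers absolute paths and symlinks, which go beyond the `../` case described above.

```python
import os
import tempfile

class PathEscapeError(ValueError):
    """Requested name resolves outside the workspace root."""

def naive_join(workspace_root: str, file_name: str) -> str:
    # The CWE-22 pattern: external input joined onto a base directory unchecked.
    return os.path.normpath(os.path.join(workspace_root, file_name))

def resolve_in_workspace(workspace_root: str, file_name: str) -> str:
    """Return the real path for file_name, or raise if it leaves the root."""
    if "\x00" in file_name:
        raise PathEscapeError("NUL byte in file name")
    root = os.path.realpath(workspace_root)
    # realpath collapses ".." and follows symlinks. An absolute file_name
    # makes os.path.join discard the base; the containment check catches that.
    candidate = os.path.realpath(os.path.join(root, file_name))
    if os.path.commonpath([root, candidate]) != root:
        raise PathEscapeError(f"{file_name!r} resolves outside the workspace")
    return candidate

def demo() -> dict:
    """Run constructed inputs against a throwaway workspace directory."""
    outcome = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "workspace")
        os.makedirs(os.path.join(root, "run1"))
        with open(os.path.join(root, "run1", "notes.txt"), "w") as fh:
            fh.write("constructed sample file\n")
        os.symlink(tmp, os.path.join(root, "link"))  # symlink pointing outside
        samples = [
            "run1/notes.txt",
            "run1/../run1/notes.txt",
            "../../../../../../etc/passwd",  # traversal string quoted on this page
            "/etc/passwd",
            "link/outside.txt",
        ]
        for name in samples:
            try:
                resolve_in_workspace(root, name)
                outcome[name] = "allowed"
            except PathEscapeError:
                outcome[name] = "rejected"
    return outcome

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:9} {name}")
```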
How can this vulnerability impact me?
This vulnerability allows remote attackers to read arbitrary files on the server hosting OpenBMB XAgent, potentially exposing highly sensitive information.
- Exposure of system files such as /etc/passwd and /etc/shadow.
- Leakage of database credentials including MySQL root user and Redis passwords.
- Access to all users' interaction data and workspace files.
- Disclosure of application source code, JWT/session secrets, and API keys.
Because the container runs as root and default credentials are enabled, attackers can exploit this vulnerability immediately after deployment, increasing the risk of full system compromise. [1, 3]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to exploit the path traversal flaw in the affected endpoints and observing if arbitrary files outside the intended directory can be accessed or manipulated.
For the OpenBMB XAgent workspace path traversal, detection involves sending a crafted POST request to the `/workspace/file` endpoint with a malicious `file_name` parameter containing directory traversal sequences (e.g., `../../../../../../../etc/passwd`). If the contents of sensitive files like `/etc/passwd` are returned, the vulnerability is present.
For the ToolServerNode component, detection involves sending a multipart file upload request to the `/upload_file` endpoint with a filename containing traversal sequences (e.g., `../../tmp/pwned`). If the file is written outside the intended workspace directory (e.g., `/tmp/pwned`), the vulnerability exists.
Suggested commands for detection include using curl to send crafted requests:
- Detect workspace path traversal (file read):
  `curl -X POST http://<target>/workspace/file -d "file_name=../../../../../../etc/passwd"`
- Detect ToolServerNode path traversal (file write):
  `curl -X POST http://<target>/upload_file -F "file=@testfile;filename=../../tmp/pwned"`
Additionally, checking for default credentials (guest/xagent) on the GUI (port 5173) may allow access to the system for further testing. [1, 4]
What immediate steps should I take to mitigate this vulnerability?
Currently, no patches or fixes are available for this vulnerability as the project maintainers have not responded to the issue.
Immediate mitigation steps include:
- Restrict network access to the affected services, especially the `/workspace/file` and `/upload_file` endpoints, to trusted users only.
- Change or disable default credentials (guest/xagent) to prevent unauthorized access.
- Deploy network-level protections such as Web Application Firewalls (WAFs) to detect and block path traversal payloads containing sequences like `../`.
- Consider running the affected containers with reduced privileges instead of root to limit the impact of exploitation.
- Monitor logs and network traffic for suspicious requests attempting directory traversal.
Long-term mitigation involves replacing the vulnerable component with an alternative product or waiting for an official patch from the vendor.
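For the monitoring and WAF steps above, a sketch of matching traversal in request parameters after decoding rather than on the raw string `../` (an added example, not part of the original page or of XAgent). It assumes requests are already parsed into records with `src`, `path` and `params` fields, for instance by a reverse proxy that logs request bodies; the record layout, function names and sample records are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Endpoint -> parameter carrying the file name, as named on this page.
WATCHED = {"/workspace/file": "file_name", "/upload_file": "filename"}
MAX_DECODE_ROUNDS = 3  # bounded, so nested encodings cannot loop forever

def normalise(value: str) -> str:
    """Percent-decode repeatedly and unify separators before matching."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")

def traversal_reason(value: str):
    """Return a short reason if the value looks like traversal, else None."""
    path = normalise(value)
    if "\x00" in path:
        return "nul-byte"
    if path.startswith("/") or re.match(r"^[A-Za-z]:/", path):
        return "absolute-path"
    if ".." in path.split("/"):  # whole segment, so "notes..v2.txt" is fine
        return "dot-dot-segment"
    return None

def scan(records):
    """Return (src, path, reason) for each watched request that matches."""
    alerts = []
    for rec in records:
        param = WATCHED.get(rec["path"])
        if param is None:
            continue
        reason = traversal_reason(rec["params"].get(param, ""))
        if reason:
            alerts.append((rec["src"], rec["path"], reason))
    return alerts

# Constructed sample records (documentation-range addresses).
SAMPLE = [
    {"src": "192.0.2.10", "path": "/workspace/file", "params": {"file_name": "report.txt"}},
    {"src": "198.51.100.7", "path": "/workspace/file", "params": {"file_name": "../../../../../../etc/passwd"}},
    {"src": "198.51.100.7", "path": "/workspace/file", "params": {"file_name": "%252e%252e%252fetc%252fpasswd"}},
    {"src": "198.51.100.8", "path": "/upload_file", "params": {"filename": "../../tmp/pwned"}},
    {"src": "192.0.2.11", "path": "/workspace/file", "params": {"file_name": "notes..v2.txt"}},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE):
        print(alert)
```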