CVE-2026-5595
Received Received - Intake
Path Traversal in griptape-ai FileManagerTool Enables Remote Exploit

Publication date: 2026-04-05

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security vulnerability has been detected in griptape-ai griptape 0.19.4. Affected by this vulnerability is the function load_files_from_disk/list_files_from_disk/save_content_to_file/save_memory_artifacts_to_disk of the component FileManagerTool. Such manipulation leads to path traversal. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-05
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-05
EPSS Evaluated
2026-06-14
NVD
CVE-2026-5595
EUVD
EUVD-2026-19123
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
griptape-ai griptape 0.19.4
griptape-ai griptape to 1.9.4 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-5595 is a path traversal vulnerability in the FileManagerTool component of griptape-ai griptape version 0.19.4 and earlier. The vulnerability arises because the tool fails to properly sanitize file paths provided by the language model (LLM). It concatenates these paths directly with the working directory without validation, allowing an attacker to manipulate the file path using sequences like "../" to access files and directories outside the intended scope.

  • An attacker can read arbitrary files on the system, such as /etc/passwd.
  • An attacker can list arbitrary directories.
  • An attacker can write to arbitrary files, potentially modifying or creating files.
Impact Analysis

This vulnerability can have serious impacts including full read and write access to the host filesystem with the privileges of the Griptape agent user.

  • Information disclosure by reading sensitive files such as SSH keys and credentials.
  • Potential remote code execution by writing to files like ~/.bashrc or __init__.py.
  • System compromise through modification or deletion of critical system files.
Detection Guidance

This vulnerability can be detected by checking if the Griptape FileManagerTool component improperly handles file paths that include path traversal sequences such as "../". One way to detect exploitation attempts is to monitor logs or inputs for Base64-encoded strings that decode to path traversal patterns.

You can also test the system by attempting to invoke the vulnerable functions with crafted inputs that include path traversal sequences to see if arbitrary files can be read or written.

Example commands to detect the vulnerability might include sending requests or commands to the Griptape agent that attempt to read sensitive files like /etc/passwd by encoding the path traversal string in Base64 and observing if the file contents are returned.

Mitigation Strategies

Immediate mitigation steps include implementing strict path sanitization and validation in the FileManagerTool component.

  • Use os.path.basename() to remove directory components if only flat directory access is intended.
  • Resolve absolute paths with os.path.abspath() and ensure they reside within the intended working directory by using checks like os.path.commonpath or verifying that the path starts with the working directory path.

These mitigations prevent path traversal by ensuring that user-supplied paths cannot escape the designated directory.

Compliance Impact

The vulnerability allows an attacker to read and write arbitrary files on the host filesystem, potentially exposing sensitive information such as SSH keys and credentials.

This exposure of sensitive data and potential system compromise can lead to violations of data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access.

Therefore, exploitation of this vulnerability could result in non-compliance with these standards due to unauthorized disclosure or alteration of protected data.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-5595. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart