CVE-2026-7271
Received Received - Intake
Path Traversal in DV0x creative-ad-agent-server Enables Remote Exploit

Publication date: 2026-04-28

Last updated on: 2026-04-28

Assigner: VulDB

Description
A vulnerability was detected in DV0x creative-ad-agent up to 751b9e5146604dc65049bd0f62dcbdad6212f8a3. Impacted is an unknown function of the file server/sdk-server.ts of the component creative-ad-agent-server. Performing a manipulation of the argument req.params results in path traversal. Remote exploitation of the attack is possible. The exploit is now public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The patch is named 3d255865a957f3740b8724dd914502c0f44d4970. Applying a patch is the recommended action to fix this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-28
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7271
EUVD
EUVD-2026-26042
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
dv0x creative-ad-agent to 751b9e5146604dc65049bd0f62dcbdad6212f8a3 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a path traversal issue in the Creative Ad Agent SDK server, specifically in the file server/sdk-server.ts component. It occurs because the server accepts user-controlled route parameters without properly validating them, allowing an attacker to manipulate the argument req.params to traverse directories on the server's filesystem.

By exploiting this flaw, an attacker can craft requests with encoded traversal sequences (such as %2e%2e/) to access files outside the intended directory, including sensitive files on the host system like /etc/hosts.

The vulnerability affects the /images/:sessionId?/:filename endpoint and can be exploited remotely without authentication. The issue was confirmed in commit 751b9e5 and a patch has been released under commit 3d255865a957f3740b8724dd914502c0f44d4970.

Impact Analysis

This vulnerability can allow an attacker with network access to read arbitrary files on the server hosting the Creative Ad Agent SDK. This could lead to exposure of sensitive information stored on the server, including configuration files, credentials, or other private data.

Since the exploit is remote and does not require authentication, it increases the risk of unauthorized data disclosure and potential further attacks leveraging the accessed information.

Detection Guidance

This vulnerability can be detected by attempting to exploit the path traversal issue on the affected endpoint /images/:sessionId?/:filename by sending specially crafted requests containing encoded traversal sequences such as %2e%2e/.

A practical detection method is to use curl with the --path-as-is option to request files outside the intended directory, for example, requesting sensitive files like /etc/hosts to verify if the server improperly allows access.

  • curl --path-as-is http://<target-server>/images/anysession/%2e%2e/%2e%2e/%2e%2e/etc/hosts

If the server responds with the contents of the requested file, it confirms the presence of the path traversal vulnerability.

Mitigation Strategies

The recommended immediate mitigation is to apply the patch identified by commit 3d255865a957f3740b8724dd914502c0f44d4970, which addresses this path traversal vulnerability.

Until the patch is applied, restrict network access to the vulnerable service to trusted users only, and monitor for suspicious requests containing encoded traversal sequences.

Additionally, validate and sanitize all user-supplied path parameters to ensure they do not contain traversal characters or sequences.

Compliance Impact

The vulnerability is a path traversal issue allowing remote attackers to access arbitrary files on the server, including potentially sensitive system files.

Such unauthorized access to files could lead to exposure of sensitive or personal data, which may impact compliance with data protection regulations like GDPR or HIPAA if personal or protected health information is stored or accessible on the affected system.

However, the provided information does not specify whether personal data or regulated information is stored or exposed by this vulnerability, nor does it detail any direct compliance impact.

The recommended mitigation is to apply the patch to fix the vulnerability, which would help maintain compliance by preventing unauthorized data access.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7271. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart