CVE-2026-42085
Path Traversal in OpenC3 COSMOS

Publication date: 2026-05-04

Last updated on: 2026-05-04

Assigner: GitHub, Inc.

Description
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the save_tool_config() function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path traversal attacks by canonicalizing the filename to an absolute path, all plugins share this same root directory. That enables users to create arbitrary file structures and overwrite existing configuration files within the shared /plugins directory. This issue has been patched in versions 6.10.5 and 7.0.0-rc3.
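The description above draws a distinction between two containment checks that both canonicalize the filename to an absolute path: one that only verifies the result lies somewhere under the shared /plugins root, and one that verifies it lies under the requesting plugin's own directory. The following Ruby is an added illustration of that distinction; it is not OpenC3 COSMOS code and does not reproduce the project's save_tool_config() implementation. The /plugins root, the plugin names and the function names are assumptions chosen for the example.

```ruby
# Added example, not OpenC3 COSMOS code. Contrasts a containment check scoped
# to a shared root with one scoped to the caller's own plugin directory.

# Assumed shared root for all plugin configuration files.
PLUGINS_ROOT = '/plugins'.freeze

# Canonicalize `filename` relative to `base` and return the absolute path only
# if it stays inside `base`; otherwise return nil.
def confine(base, filename)
  # File.expand_path treats a leading "~" as a home-directory reference, which
  # is never a valid configuration name here, so reject it before expanding.
  return nil if filename.start_with?('~')

  base_abs  = File.expand_path(base)
  candidate = File.expand_path(filename, base_abs)

  # Prefix check with a trailing separator so "/plugins_evil" cannot pass as
  # a child of "/plugins". Production code should additionally resolve
  # symlinks (File.realpath on the existing ancestor) before comparing.
  return nil unless candidate == base_abs || candidate.start_with?(base_abs + '/')
  candidate
end

# Shared-root check (the weak behaviour described in the advisory): a name
# containing ".." that still resolves under /plugins is accepted, so one
# plugin's configuration can land in another plugin's directory.
def shared_root_config_path(plugin, filename)
  confine(PLUGINS_ROOT, File.join(plugin, filename))
end

# Per-plugin check (the hardened form): the base directory is the caller's own
# plugin directory, so any path escaping it is rejected even though it would
# still be inside the shared root.
def per_plugin_config_path(plugin, filename)
  confine(File.join(PLUGINS_ROOT, plugin), filename)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs for demonstration only.
  [['plugin_a', 'tool.json'],
   ['plugin_a', '../plugin_b/tool.json'],
   ['plugin_a', '../../etc/passwd']].each do |plugin, name|
    puts format('%-28s shared-root: %-32s per-plugin: %s',
                name,
                shared_root_config_path(plugin, name).inspect,
                per_plugin_config_path(plugin, name).inspect)
  end
end
```

The difference between the two functions is only the base directory passed to confine; both canonicalize with File.expand_path, which is why the shared-root variant blocks escapes from /plugins yet still lets one plugin write into another's subtree.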
Meta Information
Published: 2026-05-04
Last Modified: 2026-05-04
Generated: 2026-05-07
AI Q&A: 2026-05-05
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: openc3
Product: cosmos
Version / Range: up to 7.0.0-rc3 (exclusive)
CWE ID Description
CWE-23 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in OpenC3 COSMOS prior to versions 6.10.5 and 7.0.0-rc3. It is caused by a design flaw in the save_tool_config() function that allows users to save tool configuration files at arbitrary locations within the shared /plugins directory by using specially crafted configuration filenames.

Although the system tries to prevent standard path traversal attacks by converting filenames to absolute paths, all plugins share the same root directory. This allows users to create arbitrary file structures and overwrite existing configuration files within the shared /plugins directory.

This issue has been fixed in versions 6.10.5 and 7.0.0-rc3.


How can this vulnerability impact me?

This vulnerability can allow a user with limited privileges to overwrite existing configuration files within the shared /plugins directory by creating arbitrary file structures. This could lead to unintended changes in tool configurations, potentially disrupting normal operations or causing misconfigurations.

Since the vulnerability does not allow direct code execution or data disclosure, the impact is limited to integrity issues within the configuration files.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade OpenC3 COSMOS to version 6.10.5 or later, or to version 7.0.0-rc3 or later, where the issue has been patched.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability in OpenC3 COSMOS allows users to overwrite existing configuration files within the shared /plugins directory due to a design flaw in the save_tool_config() function. This could potentially lead to unauthorized modification of configuration files.

However, there is no direct information provided about how this vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

