CVE-2026-58171
Received - Intake

Path Traversal in Vibe-Trading Agent

Publication date: 2026-06-30

Last updated on: 2026-06-30

Assigner: VulnCheck

Description

Vibe-Trading before 0.1.10 constructs the swarm run directory by joining a caller-supplied run identifier onto the runs base directory without validation in run_dir (agent/src/swarm/store.py). A crafted run identifier supplied through the MCP swarm tools causes the application to read arbitrary run.json files outside the runs directory and to overwrite existing run.json files at traversed locations.

Meta Information

Published: 2026-06-30
Last Modified: 2026-06-30
Generated: 2026-06-30
AI Q&A: 2026-06-30
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 1 associated CPE

| Vendor | Product | Version / Range |
|--------|---------|-----------------|
| hkuds | vibe-trading | up to 0.1.10 (exclusive) |

Exploitability

CWE

CWE ID: CWE-22
Description: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Executive Summary

CVE-2026-58171 is a path traversal vulnerability in Vibe-Trading versions before 0.1.10. The issue occurs in the run_dir function where a user-supplied run identifier is concatenated with the base runs directory without proper validation. This allows an attacker to craft a malicious run identifier that can cause the application to read or overwrite arbitrary run.json files outside the intended runs directory.

Specifically, an attacker with access to the MCP swarm tools can supply run identifiers containing path traversal sequences (like "../") to access or modify files outside the designated directory, potentially affecting files that should be protected.

Impact Analysis

An attacker with MCP tool access can read or overwrite arbitrary run.json files outside the intended runs directory. The consequences include:

  • Unauthorized reading of sensitive run state or task data stored in run.json files.
  • Overwriting existing run.json files, which can lead to unauthorized modification of tasks, events, or run states.
  • Potential integrity and availability impacts due to unauthorized file modifications.

However, exploitation requires access to the MCP swarm tools, and the severity is low to medium depending on the scoring system.

Detection Guidance

This vulnerability involves path traversal via the MCP swarm run identifier, allowing reading or overwriting of arbitrary run.json files outside the intended directory.

To detect exploitation attempts, monitor logs or MCP swarm tool inputs for suspicious run identifiers containing path traversal patterns such as "../", absolute paths, or multiple path components.

You can search for such suspicious run identifiers by inspecting application logs or monitoring filesystem access patterns.

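  • Use grep or similar tools to find run IDs with traversal sequences in logs, e.g., `grep -rE '\.\./|/|\\' /path/to/vibe-trading/logs`. As written, the pattern matches any line that contains a path separator, so apply it to the field that carries the run ID rather than to whole log lines.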
  • Check for unexpected modifications or access to run.json files outside the `.swarm/runs` directory using commands like `find /path/to/.swarm -name run.json -exec stat {} \;` to identify unusual timestamps or locations.
  • Monitor MCP swarm tool usage for errors or JSON error responses indicating rejected invalid run IDs, which may signal attempted exploitation.

Mitigation Strategies

The primary mitigation is to upgrade Vibe-Trading to version 0.1.10 or later, where the vulnerability is fixed by validating run identifiers to prevent path traversal.

If upgrading immediately is not possible, restrict access to MCP swarm tools to trusted users only, as exploitation requires MCP access.

Implement monitoring to detect and block run identifiers containing path traversal sequences or invalid formats.

Review and restrict filesystem permissions on the `.swarm/runs` directory and surrounding directories to limit unauthorized file modifications.

Apply any available patches or backported fixes that enforce strict validation of run IDs as opaque identifiers, rejecting path-shaped inputs.
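
The unvalidated join described in this report, shown beside a validated form that treats the run ID as an opaque identifier. This is an added example, not Vibe-Trading's code or its actual patch; the function names, the identifier pattern and the sample run IDs are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Assumed identifier shape (not taken from the project): a single path
# segment starting with an alphanumeric, then letters, digits, '_' or '-'.
RUN_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}")


def run_dir_unsafe(base: Path, run_id: str) -> Path:
    """Pattern the report describes: join the caller's value unchecked."""
    return base / run_id


def run_dir_safe(base: Path, run_id: str) -> Path:
    """Validate the identifier, then confirm containment after resolving."""
    if not isinstance(run_id, str) or not RUN_ID_RE.fullmatch(run_id):
        raise ValueError(f"invalid run id: {run_id!r}")
    root = base.resolve()
    candidate = (root / run_id).resolve()
    # Second layer: a symlinked run directory that points elsewhere
    # resolves to a path whose parent is no longer the runs root.
    if candidate.parent != root:
        raise ValueError(f"run id escapes runs directory: {run_id!r}")
    return candidate


def demo() -> dict:
    """Map each constructed run ID to (unsafe join escapes, safe accepts)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / ".swarm" / "runs"
        base.mkdir(parents=True)
        root = base.resolve()
        for run_id in ["run-20260630-01", "../../outside", "/etc", "a/b", ".."]:
            escaped = root not in run_dir_unsafe(base, run_id).resolve().parents
            try:
                run_dir_safe(base, run_id)
                accepted = True
            except ValueError:
                accepted = False
            results[run_id] = (escaped, accepted)
    return results


if __name__ == "__main__":
    for rid, (escaped, accepted) in demo().items():
        print(f"{rid!r:20} unsafe escapes={escaped!s:5} safe accepts={accepted}")
```

The `a/b` case stays inside the runs directory under the unsafe join but is still rejected, since a multi-component value is not a valid opaque identifier.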
