CVE-2026-16130
Received Received - Intake

Path Traversal in NearAI Ironclaw

Vulnerability report for CVE-2026-16130, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-18

Last updated on: 2026-07-18

Assigner: VulDB

Description

A vulnerability was identified in nearai ironclaw up to 0.29.1. The affected element is the function validate_path of the file src/tools/builtin/path_utils.rs of the component write_file. The manipulation leads to link following. Local access is required to approach this attack. The exploit is publicly available and might be used. The identifier of the patch is 369ff3d240cf3c0787b50e1e9f182e1a06c71255. It is recommended to apply a patch to fix this issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-18
Last Modified
2026-07-18
Generated
2026-07-19
AI Q&A
2026-07-18
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
nearai ironclaw to 0.29.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-59 The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-16130 is a vulnerability in nearai ironclaw up to version 0.29.1 affecting the write_file tool. It involves improper path validation in the validate_path function of src/tools/builtin/path_utils.rs. The issue allows sandbox escape through dangling symlinks, where the validator checks the nearest existing ancestor but the final write follows the symlink to an external location. This enables arbitrary file writes outside the intended sandbox directory.

Detection Guidance

To detect this vulnerability, check for IronClaw versions up to 0.29.1 using commands like 'ironclaw --version' or inspect installed packages. Look for suspicious file writes outside sandbox directories or unexpected symlink targets in paths processed by write_file.

Impact Analysis

This vulnerability allows an attacker with local access to write files outside the sandboxed environment. This could lead to breaking project isolation, corrupting host files, or overwriting trusted configuration files. It may also enable unauthorized access to sensitive data if combined with other flaws in environment variable handling.

Compliance Impact

This vulnerability could potentially impact compliance with GDPR and HIPAA by enabling unauthorized access to sensitive data through sandbox escape. If exploited, it may allow attackers to write files outside intended boundaries, potentially exposing or corrupting sensitive configuration files or credentials. This could lead to data breaches or unauthorized disclosure, violating GDPR's data protection principles or HIPAA's safeguards for protected health information.

Mitigation Strategies

Apply the patch from commit 369ff3d240cf3c0787b50e1e9f182e1a06c71255 or upgrade to a version beyond 0.29.1. Review and restrict symlink handling in path validation and enforce strict sandbox boundaries for file operations.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-16130. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart